Author ronaldoussoren
Recipients ned.deily, pitrou, ronaldoussoren
Date 2012-08-21.05:05:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1345525542.94.0.61755159878.issue15740@psf.upfronthosting.co.za>
In-reply-to
Content
What's rather annoying is that I cannot find OpenSSL on opensource.apple.com, which means we cannot check if they use patches add functionality that our users would like to have. 

One such feature is likely keychain integration (that is, use the CA roots from the user and system keychain instead of a CA root store in the file system). I'm not 100% sure that this functionality is actually present, but as _ssl automaticly finds a CA root certificate that I have added to the system keychain gives a pretty clear indication.

BTW. It might be worthwhile to investigate if it would be possible to write a version of the _ssl extension that links with Apple frameworks (like CommonCrypto) instead of OpenSSL.   There are two obvious reason why this might not work out: Apple's frameworks might not over all functionality needed to implement _ssl (and _hashlib, and the additional code adds maintenance overhead that could be too high.
History
Date User Action Args
2012-08-21 05:05:43ronaldoussorensetrecipients: + ronaldoussoren, pitrou, ned.deily
2012-08-21 05:05:42ronaldoussorensetmessageid: <1345525542.94.0.61755159878.issue15740@psf.upfronthosting.co.za>
2012-08-21 05:05:21ronaldoussorenlinkissue15740 messages
2012-08-21 05:05:20ronaldoussorencreate