Author ronaldoussoren
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, esc24, georg.brandl, larry, loewis, merwok, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2014-02-28.13:23:31
Message-id <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za>
In-reply-to
Content
AFAIK OpenSSL has hooks that can be called when a certificate needs to be validated. If my memory is correct this could be used to validate certificates using a public API (basically doing the same as Apple's patch, but using public APIs for the system and OpenSSL).

This has one significant risk though: as we've found a couple of times (such as with the _scproxy extension) Apple's APIs don't necessarily play along nicely when you use execv without fork or fork without execv :-(. I have no idea if Apple's preferred crypto APIs suffer from this problem.
History
Date User Action Args
2014-02-28 13:23:33 ronaldoussoren set recipients: + ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, merwok, brian.curtin, esc24, dilettant, dstufft, mlen
2014-02-28 13:23:32 ronaldoussoren set messageid: <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za>
2014-02-28 13:23:32 ronaldoussoren link issue17128 messages
2014-02-28 13:23:31 ronaldoussoren create