Message212428
AFAIK OpenSSL has hooks that can be called when a certificate needs to be validated. If I my memory is correct this could be used to validate certificates using a public API (basically doing the same as Apple's patch, but using public APIs for the system and OpenSSL).
This has one significant risk though: as we've found at a couple of times (such as with the _scproxy extension) Apple's API don't necessary play along nicely when you use execv without fork or fork without execv :-(. I have no idea if Apple's preferred crypto APIs suffer from this problem. |
|
Date |
User |
Action |
Args |
2014-02-28 13:23:33 | ronaldoussoren | set | recipients:
+ ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen |
2014-02-28 13:23:32 | ronaldoussoren | set | messageid: <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za> |
2014-02-28 13:23:32 | ronaldoussoren | link | issue17128 messages |
2014-02-28 13:23:31 | ronaldoussoren | create | |
|