Message212428
| Author | ronaldoussoren |
|---|---|
| Recipients | benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren |
| Date | 2014-02-28.13:23:31 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
AFAIK OpenSSL has hooks that can be called when a certificate needs to be validated. If I my memory is correct this could be used to validate certificates using a public API (basically doing the same as Apple's patch, but using public APIs for the system and OpenSSL). This has one significant risk though: as we've found at a couple of times (such as with the _scproxy extension) Apple's API don't necessary play along nicely when you use execv without fork or fork without execv :-(. I have no idea if Apple's preferred crypto APIs suffer from this problem. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2014-02-28 13:23:33 | ronaldoussoren | set | recipients: + ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen |
| 2014-02-28 13:23:32 | ronaldoussoren | set | messageid: <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za> |
| 2014-02-28 13:23:32 | ronaldoussoren | link | issue17128 messages |
| 2014-02-28 13:23:31 | ronaldoussoren | create | |