Message212428
| Author |
ronaldoussoren |
| Recipients |
benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, eric.araujo, esc24, georg.brandl, larry, loewis, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren |
| Date |
2014年02月28日.13:23:31 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
AFAIK OpenSSL has hooks that can be called when a certificate needs to be validated. If I my memory is correct this could be used to validate certificates using a public API (basically doing the same as Apple's patch, but using public APIs for the system and OpenSSL).
This has one significant risk though: as we've found at a couple of times (such as with the _scproxy extension) Apple's API don't necessary play along nicely when you use execv without fork or fork without execv :-(. I have no idea if Apple's preferred crypto APIs suffer from this problem. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2014年02月28日 13:23:33 | ronaldoussoren | set | recipients:
+ ronaldoussoren, loewis, georg.brandl, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, ned.deily, eric.araujo, brian.curtin, esc24, dilettant, dstufft, mlen |
| 2014年02月28日 13:23:32 | ronaldoussoren | set | messageid: <1393593812.86.0.154210739416.issue17128@psf.upfronthosting.co.za> |
| 2014年02月28日 13:23:32 | ronaldoussoren | link | issue17128 messages |
| 2014年02月28日 13:23:31 | ronaldoussoren | create |
|