luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TODO: Reduce CA certificate bundle reparsing

Browse Source 
By adding some sort of cache.

Reported-by: Michael Drake
Closes #9379
Closes #9538
This commit is contained in:
Daniel Stenberg 2022-09-19 14:55:30 +02:00
parent 4e6893307b
commit e9a85c4623
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/TODO
View File

@ -120,6 +120,7 @@
13.9 TLS record padding 13.9 TLS record padding
13.10 Support Authority Information Access certificate extension (AIA) 13.10 Support Authority Information Access certificate extension (AIA)
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Reduce CA certificate bundle reparsing
13.13 Make sure we forbid TLS 1.3 post-handshake authentication 13.13 Make sure we forbid TLS 1.3 post-handshake authentication
13.14 Support the clienthello extension 13.14 Support the clienthello extension
@ -844,6 +845,15 @@
Adding this feature would make curls pinning 100% compatible to HPKP and Adding this feature would make curls pinning 100% compatible to HPKP and
allow more flexible pinning. allow more flexible pinning.
13.12 Reduce CA certificate bundle reparsing
When using the OpenSSL backend, curl will load and reparse the CA bundle at
the creation of the "SSL context" when it sets up a connection to do a TLS
handshake. A more effective way would be to somehow cache the CA bundle to
avoid it having to be repeatedly reloaded and reparsed.
See https://github.com/curl/curl/issues/9379
13.13 Make sure we forbid TLS 1.3 post-handshake authentication 13.13 Make sure we forbid TLS 1.3 post-handshake authentication
RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3 RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3