7.6 Provide callback for cert verification
7.7 Support other SSL libraries
7.9 improve configure --with-ssl
+ 7.10 Support DANE
8. GnuTLS
8.1 SSL engine stuff
8.3 check connection
- 8.4 non-gcrypt
9. SMTP
9.1 Specify the preferred authentication mechanism
make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
then NSS...
+7.10 Support DANE
+
+ DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
+ keys and certs over DNS using DNSSEC as an alternative to the CA model.
+ http://www.rfc-editor.org/rfc/rfc6698.txt
+
+
8. GnuTLS
8.1 SSL engine stuff
Add a way to check if the connection seems to be alive, to correspond to the
SSL_peak() way we use with OpenSSL.
-8.4 non-gcrypt
-
- libcurl assumes that there are gcrypt functions available when
- GnuTLS is.
-
- GnuTLS can be built to use libnettle instead as crypto library,
- which breaks the previously mentioned assumption
-
- The correct fix would be to detect which crypto layer that is in use and
- adapt our code to use that instead of blindly assuming gcrypt.
9. SMTP