TODO: support DANE, we already support gnutls without gcrypt

013d043d · Daniel Stenberg · 382429e7 · 013d043d
Commit 013d043d authored 12 years ago by Daniel Stenberg
--- a/docs/TODO
+++ b/docs/TODO
@@ -55,11 +55,11 @@
 7.6 Provide callback for cert verification
 7.7 Support other SSL libraries
 7.9 improve configure --with-ssl
+ 7.10 Support DANE

 8. GnuTLS
 8.1 SSL engine stuff
 8.3 check connection
- 8.4 non-gcrypt

 9. SMTP
 9.1 Specify the preferred authentication mechanism
@@ -355,6 +355,13 @@ to provide the data to send.
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

+7.10 Support DANE
+
+ DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
+ keys and certs over DNS using DNSSEC as an alternative to the CA model.
+ http://www.rfc-editor.org/rfc/rfc6698.txt
+
+
 8. GnuTLS

 8.1 SSL engine stuff
@@ -366,16 +373,6 @@ to provide the data to send.
 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.

-8.4 non-gcrypt
-
- libcurl assumes that there are gcrypt functions available when
- GnuTLS is.
-
- GnuTLS can be built to use libnettle instead as crypto library,
- which breaks the previously mentioned assumption
-
- The correct fix would be to detect which crypto layer that is in use and
- adapt our code to use that instead of blindly assuming gcrypt.

 9. SMTP