On Mon, 22 Apr 2013, Nick Zitzmann wrote:
I'm asking for feedback on a proposed change: I've implemented using a
client certificate for TLS authentication in the curl_darwinssl code, but I
had to make it work differently than the other back-ends, because Apple's
Security framework expects the certificate and private key to be in the
system or user Keychain instead of in a file on the disk.
So when the user uses the --cert option in the curl tool, they would provide
the name of the certificate from the Keychain instead of a file, and would
not have to provide a private key. I think NSS works the same way, but
before I commit, I was wondering if it's okay if we do this if the
difference is documented (which I did, in the man pages)?
I think it is fine to do like this, yes. And yes, document the differences in
the suitable places for the options in the man pages.
To me it sounds similar to how the NSS backend does things...
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
