summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2020-07-30 12:25:05 -0400
committerJay Satiro <raysatiro@yahoo.com>2020-07-30 12:25:05 -0400
commit40909c405b090812b28b9a6c09a9cf8360a5631a (patch)
tree6b3c0a75bec0fc6b0c584cb48ac9998f5ec70eb7
parenta12a16151aa33dfd5e7627d4bfc2dc1673a7bf8e (diff)
downloadcurl-40909c405b090812b28b9a6c09a9cf8360a5631a.tar.gz
TODO: Schannel: 'Add option to allow abrupt server closure'
We should offer an option to allow abrupt server closures (server closes SSL transfer without sending a known termination point such as length of transfer or close_notify alert). Abrupt server closures are usually because of misconfigured or very old servers. Closes https://github.com/curl/curl/issues/4427
-rw-r--r--docs/TODO10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index bdf6a87b5..d1a3a75ec 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -123,6 +123,7 @@
15.1 Extend support for client certificate authentication
15.2 Extend support for the --ciphers option
15.3 Add option to disable client certificate auto-send
+ 15.4 Add option to allow abrupt server closure
16. SASL
16.1 Other authentication mechanisms
@@ -842,6 +843,15 @@ that doesn't exist on the server, just like --ftp-create-dirs.
https://github.com/curl/curl/issues/2262
+15.4 Add option to allow abrupt server closure
+
+ libcurl w/schannel will error without a known termination point from the
+ server (such as length of transfer, or SSL "close notify" alert) to prevent
+ against a truncation attack. Really old servers may neglect to send any
+ termination point. An option could be added to ignore such abrupt closures.
+
+ https://github.com/curl/curl/issues/4427
+
16. SASL
16.1 Other authentication mechanisms