summaryrefslogtreecommitdiff
path: root/docs/TODO
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-07-28 23:26:42 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-07-28 23:26:42 +0200
commit1fb8048abb25c211116bb147e2d80e25e47fd1cc (patch)
treea0dede127e4c093359c8a14ae5e0273f9124c470 /docs/TODO
parent10061f475e7251d66dd6e76f18c8643381b58965 (diff)
downloadcurl-1fb8048abb25c211116bb147e2d80e25e47fd1cc.tar.gz
TODO: Support Authority Information Access certificate extension (AIA)
Closes #2793
Diffstat (limited to 'docs/TODO')
-rw-r--r--docs/TODO12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index 269c93006..ec673f461 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -113,6 +113,7 @@
13.7 improve configure --with-ssl
13.8 Support DANE
13.9 Configurable loading of OpenSSL configuration file
+ 13.10 Support Authority Information Access certificate extension (AIA)
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS
13.13 Support HPKP
@@ -779,6 +780,17 @@ that doesn't exist on the server, just like --ftp-create-dirs.
See https://github.com/curl/curl/issues/2724
+13.10 Support Authority Information Access certificate extension (AIA)
+
+ AIA can provide various things like CRLs but more importantly information
+ about intermediate CA certificates that can allow validation path to be
+ fullfilled when the HTTPS server doesn't itself provide them.
+
+ Since AIA is about downloading certs on demand to complete a TLS handshake,
+ it is probably a bit tricky to get done right.
+
+ See https://github.com/curl/curl/issues/2793
+
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root