
Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.



On Tue, Feb 19, 2013 at 12:22 PM, Catalin Patulea <catalinp@xxxxxxxxxx> wrote:
>
> Signed-off-by: Catalin Patulea <catalinp@xxxxxxxxxx>
> ---
>  .gitignore            |   1 +
>  sample/https-client.c | 207 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  sample/include.am     |   5 ++
>  3 files changed, 213 insertions(+)
>  create mode 100644 sample/https-client.c
>

Looks like a good start!

Patrick, do you have time to have a look at this?  I'm hoping you'll
have some ideas of whether or not this is the right way to write this.


Some initial comments:

   * It could sure use comments!

   * This is dangerous code; it doesn't do any certificate validation
so far as I can see, and as such gets zero protection from
man-in-the-middle attacks.  People who don't know how to use TLS will
be copying our examples here, so we need to make sure to get the
security right.
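One piece of the certificate validation the reply asks for is checking that the name in the server's certificate covers the host the client meant to reach. The following is an added example, not code from the patch or from libevent: a self-contained matcher for certificate DNS names with a single left-most wildcard label. The function names are hypothetical, and it assumes chain verification is already enabled in the TLS library (in OpenSSL, `SSL_CTX_set_verify` with `SSL_VERIFY_PEER` and a loaded trust store).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes (DNS names are ASCII). */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* IP literals must never be matched by a wildcard DNS name. */
static int looks_like_ip(const char *h, size_t n) {
    if (memchr(h, ':', n)) return 1;                 /* IPv6 */
    for (size_t i = 0; i < n; i++)
        if (h[i] != '.' && !isdigit((unsigned char)h[i])) return 0;
    return 1;                                        /* digits and dots */
}

/* Return 1 if `host` is covered by the certificate DNS name `pattern`.
 * `pattern_len` is the length stored in the certificate, so a name with
 * an embedded NUL ("good.example\0.evil.test") is rejected, not truncated. */
int cert_name_matches(const char *pattern, size_t pattern_len, const char *host) {
    size_t host_len = strlen(host);

    if (pattern_len == 0 || host_len == 0) return 0;
    if (memchr(pattern, '\0', pattern_len)) return 0;
    if (pattern[pattern_len - 1] == '.') return 0;
    if (host[host_len - 1] == '.') host_len--;       /* absolute name */

    if (pattern_len < 3 || pattern[0] != '*' || pattern[1] != '.') {
        /* Not of the form "*.suffix": exact match only, no stray '*'. */
        if (memchr(pattern, '*', pattern_len)) return 0;
        return pattern_len == host_len && eq_nocase(pattern, host, host_len);
    }
    if (looks_like_ip(host, host_len)) return 0;

    /* "*.suffix": the wildcard stands for exactly one left-most label. */
    const char *suffix = pattern + 1;                /* ".example.com" */
    size_t suffix_len = pattern_len - 1;
    if (memchr(suffix, '*', suffix_len)) return 0;   /* a single '*' only */
    if (!memchr(suffix + 1, '.', suffix_len - 1)) return 0;  /* no "*.com" */

    const char *dot = memchr(host, '.', host_len);
    if (!dot || dot == host) return 0;               /* empty first label */
    size_t rest = host_len - (size_t)(dot - host);
    return rest == suffix_len && eq_nocase(dot, suffix, rest);
}
```

A client would call this on each DNS name taken from the verified peer certificate and abort the connection if none matches.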