[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
From: Catalin Patulea <catalinp@xxxxxxxxxx>
Date: Tue, 19 Feb 2013 17:07:47 -0500
Cc: Patrick Pelletier <ppelletier@xxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Tue, 19 Feb 2013 17:07:51 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=GgQmuB7wOwDjYbjg+EDyQGymJjG+EXFDEEQZmhAczm0=; b=WAXTrWekqcfriNyGuiBfq++t9lt3E3Ub6hpN0HUwvdGpxhWJN1L6EtInXer5cQEOpO zEq3Grab/FurSmfBCqgdJ4f9u7dPFBnN5jS/TcnX5Sv4cJjDMMJrnThp6OqST2ae6z/B gbTLc4A3YLI0VWZRz1rtPDoD7AxeG3FOJWiJfpguSqC8ym/Yrdwet7QNl5sIKeyqUP6h FdkkxalR5qWdJplDnxqZzz5DIR+qkXAn8PJ4TEzeZuBuJprr6HZyOQNWWoid69u++Kcc Mt8KZWRVa2z8JBc1VPdYrnMiK4WlGkQ5bWp+JuuDKlF7jiArfb46rpcxuqH/ra9VXCgb yAoQ==
In-reply-to: <CAKDKvuwG_1631y5X+i_HRs=S5iOEoQu-ifmqu9cMPs=9hV-Tkg@xxxxxxxxxxxxxx>
References: <1361294551-21026-1-git-send-email-catalinp@xxxxxxxxxx> <CAKDKvuwG_1631y5X+i_HRs=S5iOEoQu-ifmqu9cMPs=9hV-Tkg@xxxxxxxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

On Tue, Feb 19, 2013 at 3:05 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
>    * It could sure use comments!
Can you be more specific? This all feels like a lot of boilerplate to
me. Parse the URL, initialize OpenSSL, create some bufferevents. I'm
not sure what more I can say that a reader of bufferevent.h,
bufferevent_ssl.sh and SSL_new(3) etc. doesn't already know.

>    * This is dangerous code; it doesn't do any certificate validation
> so far as I can see, and as such gets zero protection from
> man-in-the-middle attacks.  People who don't know how to use TLS will
> be copying our examples here, so we need to make sure to get the
> security right.
SSL_CTX_set_verify(SSL_VERIFY_PEER, NULL); sound about right to you?

I'm trying to figure out whether OpenSSL distributes a set of CA certs
and initializes the path or whether I need to do this myself - any
idea?
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
  - From: Jardel Weyrich

References:
- [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
  - From: Catalin Patulea
- Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
  - From: Nick Mathewson

Prev by Author: Re: [Libevent-users] Re: [PATCH] http: on connection reset, detach the closed fd from the bufferevent
Next by Author: Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
Previous by thread: Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
Next by thread: Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.
Index(es):
- Author
- Thread