[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.

On Tue, Feb 19, 2013 at 12:22 PM, Catalin Patulea <catalinp@xxxxxxxxxx> wrote:
> Signed-off-by: Catalin Patulea <catalinp@xxxxxxxxxx>
> ---
>  .gitignore            |   1 +
>  sample/https-client.c | 207 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  sample/include.am     |   5 ++
>  3 files changed, 213 insertions(+)
>  create mode 100644 sample/https-client.c

Looks like a good start!

Patrick, do you have time to have a look at this?  I'm hoping you'll
have some ideas of whether or not this is the right way to write this.

Some initial comments:

   * It could sure use comments!

   * This is dangerous code; it doesn't do any certificate validation
so far as I can see, and as such gets zero protection from
man-in-the-middle attacks.  People who don't know how to use TLS will
be copying our examples here, so we need to make sure to get the
security right.
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.