serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Pinning and Serf
Date Thu, 19 Jan 2017 20:47:25 GMT
I am looking at server certtifcate pinning (Spec: https://tools.ietf.org/html/rfc7469, testcase/example
https://projects.dm.id.lv/Public-Key-Pins_test) .

Has any one wired this up already for Serf - or were would be the proper place* where one
would have neatly re-joined headers and all that ? And 
could break out upon the first sign of trouble early & sensibly.

Suggestions and examples very welcome.

Dw.

* am currently using a bit of an dirty and late 'at the very end check' hack (via serf_bucket_request_get_headers()
and a small side channel wired
up to serf_ssl_server_cert_chain_callback_set() - but cannot believe I need some 20k of code
to just have serf do an https fetch.




Mime
View raw message