Re: [xml] SSL/TLS support

Well, w/o random generator seed you'll not be able to generate session keys
for SSL and by this you'll not be able to start the connection. In the same time, w/o trusted certificates initialized, your client will not be able to verify the certificate that server sends to you and by this the handshake fails (and the connection is failed). These are not security measures but steps to establish the connection.


Igor Zlatkovic wrote:

Hi Alexey,

those points are correct, that is true. In this stage, my intention was
simply to fetch documents through a SSL channel, not to improve the
transport security in any way. Therefore, I didn't care about initialising
the random generator, nor did I pay attention to the validity or revocation
of the server's certificate. Those things would come later, if SSL comes
into libxml at all.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]