From: Daniel Stenberg Date: Sat, 28 Jul 2018 21:26:42 +0000 (+0200) Subject: TODO: Support Authority Information Access certificate extension (AIA) X-Git-Tag: curl-7_61_1~114 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1fb8048abb25c211116bb147e2d80e25e47fd1cc;p=curl TODO: Support Authority Information Access certificate extension (AIA) Closes #2793 --- diff --git a/docs/TODO b/docs/TODO index 269c93006..ec673f461 100644 --- a/docs/TODO +++ b/docs/TODO @@ -113,6 +113,7 @@ 13.7 improve configure --with-ssl 13.8 Support DANE 13.9 Configurable loading of OpenSSL configuration file + 13.10 Support Authority Information Access certificate extension (AIA) 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 13.12 Support HSTS 13.13 Support HPKP @@ -779,6 +780,17 @@ that doesn't exist on the server, just like --ftp-create-dirs. See https://github.com/curl/curl/issues/2724 +13.10 Support Authority Information Access certificate extension (AIA) + + AIA can provide various things like CRLs but more importantly information + about intermediate CA certificates that can allow validation path to be + fullfilled when the HTTPS server doesn't itself provide them. + + Since AIA is about downloading certs on demand to complete a TLS handshake, + it is probably a bit tricky to get done right. + + See https://github.com/curl/curl/issues/2793 + 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root