
apt-https authentication



I have not heard back for a long time now - meanwhile I'm continuing my
work on authentication. At first I thought I could guarantee integrity of
received deb packages through signatures but it seems that signatures are
at maximum at draft stage and everything remains to be implemented on the
Debian infrastructure side.

So I have looked into SSL authentication through certificates. I have
studied stunnel because it seems to have the smallest codebase and seems
to implement everything that is needed.

It looks to me as if it would be best to rip ssl.c out of stunnel and put
it into the apt codebase as is, 1:1 without change and just make

	bool ConnectSSL(int Fd,SSL ** Ssl);

a wrapper around it.

ssl.c seems to be very clean and handles a lot of stuff and leaves open a
lot of options on how to handle certificates, authentication etc. If we
just take it from stunnel as is we'll have the advantage of being able to
follow improvements/fixes in the ssl.c code "for free". Alternatively we
could use some library - I have searched the net a bit but I have not
found any except for KeyNote which seems to be overkill and does not make
things easier for the user.

As always, comments welcome, I'm proceeding,
*t

-----------------------------------------------------------------------
     Tomas Pospisek
     sourcepole    -   Linux & Open Source Solutions
     http://sourcepole.com
     Elestastrasse 18,  7310 Bad Ragaz,  Switzerland
     Tel:+41 (81) 330 77 13,  Fax:+41 (81) 330 77 12
------------------------------------------------------------------------






