ceca1cf156
# Added functionality to enable CRL checking for CURL on linux. This one is somewhat unpleasant and much larger than expected. This pull request enables two pieces of functionality: 1. The ability to specify a known root certificate to the CURL HTTP transport (instead of a certificate file). 2. The ability to enable CRL validation (normally this is disabled in libCURL). Enabling CRL validation ended up pulling in a significant chunk of code from azure-c-shared-util which handled retrieving CRLs (I was unable to find code in libCURL to do this). Native LibCURL support for CRL validation is limited to the schannel SSL backend (Windows Only). This change also adds logic to the CURL transport to enable the ability to ignore CRL retrieval errors (there doesn't seem to be a comparable way of doing this for WinHTTP so it is a CURL transport only option). To verify the root certificate logic, an extremely simple client for the SDK Test Proxy was written and is used to "record" a request to the C++ SDK HTTP server. |
||
|---|---|---|
| .. | ||
| attestation | ||
| core | ||
| identity | ||
| keyvault | ||
| storage | ||
| template | ||