On Fri, 12 Jun 2009, Nanako Shiraishi wrote:
It would be ideal if you can inspect the certificate and decide if you need to ask for decrypting password before using it (and otherwise you don't ask). If you can't do that, probably you can introduce a config var that says "this certificate is encrypted", and bypass your new code if that config var isn't set.
Is this really a common setup? Using an unencrypted private key sounds like a really bad security situation to me. The certificate is never encrupted, the passphrase is for the key.
And for the libcurl not supporting this, I figure it _could_ be done by simply letting libcurl prope the remote and see if it can access it without a passphrase as that would then imply that isn't necessary.
I'm not familiar enough with the code and architecture to deem how suitable such an action would be.
-- / daniel.haxx.se -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html