Comments (7)
Mmh. Is there a cheap version of BouncyCastle that I can embed here?
I don't want the lib to become a monster.
from curl.
(speaking of kilobytes)
from curl.
The standard lib will be several MB (5 or 6). Not sure if there are smaller libraries with the same support like BC. The TLS library alone is just 500k, but it needs the full crypto library of BC.
A hint to users of the library could be to use minimizers like ProGuard to strip down and remove unneeded dependencies. But Java crypto libraries have to be signed. This will prevent this approach because the signature input data will be destroyed. It is also uncommon under Java EE / server implementations.
But for me these 6 MB sound ok. I cannot think of an alternative approach as long as the OpenJDK crypto library is not supporting elliptic curve in a wider sense. Also curl is using an SSL library (OpenSSL) which is 2 MB.
A middle way could be to make the BC and BCTLS Maven dependency optional. See here.
Any user interested in the advanced features would add BC manually. You can add this to the README.md. During the runtime you could check if the BC Provider class `org.bouncycastle.jce.provider.BouncyCastleProvider` is available. If yes use it, if not use your existing code. As long as no BC method is touched this should work.
from curl.
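The runtime check suggested in the comment above, as an added example that is not part of the original thread or the project's code. The class name `OptionalBcProvider` and its methods are hypothetical; the BCJSSE provider class name is the one shipped in the BC TLS artifact and is assumed here, since the thread only names the BC provider class.

```java
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

public final class OptionalBcProvider {
    // Provider class named in the thread.
    private static final String BC = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    // Assumption: JSSE provider class from the BC TLS jar (not quoted in the thread).
    private static final String BCJSSE = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider";

    /** Loads a provider by name only, so this class never links against BC at compile time. */
    static Provider tryLoad(String className) {
        try {
            Class<?> c = Class.forName(className);
            return (Provider) c.getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | LinkageError e) {
            return null; // jar missing (optional dependency not added) or incompatible
        }
    }

    /** Returns a BC-backed TLS context when both jars are present, else the JDK default. */
    static SSLContext newTlsContext() throws GeneralSecurityException {
        Provider bc = tryLoad(BC);
        Provider jsse = tryLoad(BCJSSE);
        if (bc != null && jsse != null) {
            // Registration is JVM-wide; append only if the application has not done so already.
            if (Security.getProvider(bc.getName()) == null) Security.addProvider(bc);
            if (Security.getProvider(jsse.getName()) == null) Security.addProvider(jsse);
            // Passing the instance pins this context to BCJSSE regardless of provider order.
            return SSLContext.getInstance("TLS", jsse);
        }
        return SSLContext.getInstance("TLS"); // existing code path: JDK provider
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = newTlsContext();
        ctx.init(null, null, null); // default key managers, trust managers and randomness
        System.out.println("TLS provider in use: " + ctx.getProvider().getName());
    }
}
```

Logging which provider was selected, as `main` does, makes it visible when a deployment silently falls back to the JDK provider because the optional jars were left out.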
Mmh why not. Optional dependencies, neat idea
from curl.
Found a very naive workaround to make your junit test work. The trust self signed strategy is asserting the number of certs in the chain to be 1.
Let's just always return true in case of `curl -k`.
Will be fixed that way in 0.0.33
from curl.
Does the proposed solution really pass the unit test? One problem I would have expected is that because the elliptic curve algorithm is not understood no session key can be agreed upon and the connection fails.
Another approach to let the user of Java curl manage this would be to add an option which specifies the TLS crypto provider. That way the user can set this crypto provider in his program code / or with a system configuration and curl would pick the correct one.
Another related problem could be the support of client TLS authentication. If the client key store is not supported because of an unsupported key store type and algorithm of the private key / certificate the connection will fail. Here also a crypto provider option for reading the key store and another option to specify the key store type would be handy.
from curl.
The naive fix works with the unit test, however this is not the long term fix.
We can still agree to handle the authentication using bouncy castle.
from curl.