[Nut-upsdev] [nut-commits] svn commit r2804 - in branches/ssl-nss-port: clients server
Arjen de Korte
nut+devel at de-korte.org
Fri Jan 7 20:10:12 UTC 2011
Citeren Emilien Kia <emilienkia-guest op alioth.debian.org>:
> Modified: branches/ssl-nss-port/server/conf.c
> ==============================================================================
> --- branches/ssl-nss-port/server/conf.c Wed Jan 5 21:12:03 2011 (r2803)
> +++ branches/ssl-nss-port/server/conf.c Thu Jan 6 10:27:55 2011 (r2804)
> @@ -178,6 +178,22 @@
> return 1;
> }
>
> + /* CERTREQUEST ("NO" | "REQUEST" | "REQUIRE") */
> + if (!strcmp(arg[0], "CERTREQUEST")) {
> + if (strcasecmp(arg[1], "REQUEST") == 0) {
> + certrequest = NETSSL_CERTREQ_REQUEST;
> + } else if (strcasecmp(arg[1], "REQUIRE") == 0) {
> + certrequest = NETSSL_CERTREQ_REQUIRE;
> + } else if (strcasecmp(arg[1], "NO") == 0) {
> + certrequest = NETSSL_CERTREQ_NO;
> + } else {
> + upslogx(LOG_WARNING, "CERTREQUEST in upsd.conf accept only values "
> + "\"REQUEST\", \"REQUIRE\" or \"NO\", assuming \"NO\"");
> + certrequest = NETSSL_CERTREQ_NO;
> + }
> + return 1;
> + }
> +
From a maintenance point of view, the validation of the CERTREQUEST
parameter should be handled in 'netssl.c', not here. We really don't
want to mess with this here, to prevent having to change 'conf.c' too
often when something changes in the NSS code.
Likewise, it would be useful if this would only be compiled in if the
NSS library is actually used (same for CERTPATH and CERTIDENT). It
would be better to complain about invalid parameters than to fail
later on.
Best regards, Arjen
--
Please keep list traffic on the list (off-list replies will be rejected)
More information about the Nut-upsdev
mailing list