[Nut-upsdev] [nut-commits] svn commit r2809 -branches/ssl-nss-port/server

EmilienKia at Eaton.com EmilienKia at Eaton.com
Mon Jan 10 09:13:26 UTC 2011 

Hi Arjen, Hi all,

The main reason is to homogenize directive names between apps (mainly upsmon which uses CERTPATH and upsd which uses CERTNAME) to set the same property.
Note that the CERTFILE directive is working but is just flagged as deprecated.

As ssl support compilation is exclusive (only openssl or nss at the same time), I do not see any reason to keep two directives in parallel (one per compile profile) doing the same thing (pointing to the certificate database, in the form of a single file or a directory).

About configuration directive, only CERTFILE/CERTPATH change of content (a directory instead of a file) but the semantic is kept unchanged. All other SSL related directives are just for NSS mode. So generate different .conf.sample files is IMHO disproportionate related to the too few alterations. Perhaps add few lines of comment in these .conf.sample files?

Any other comment or point of view?

BR,
Emilien

-----Message d'origine-----
De : nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.debian.org [mailto:nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.debian.org] De la part de Arjen de Korte
Envoyé : vendredi 7 janvier 2011 20:59
À : nut-upsdev
Objet : Re: [Nut-upsdev] [nut-commits] svn commit r2809 -branches/ssl-nss-port/server

Citeren Emilien Kia <emilienkia-guest at alioth.debian.org>:

> Author: emilienkia-guest
> Date: Fri Jan  7 14:44:25 2011
> New Revision: 2809
> URL: http://trac.networkupstools.org/projects/nut/changeset/2809
>
> Log:
> Deprecate CERTFILE conf var to the benefit of CERTPATH : homogenize  
> conf directive names.
>
> Modified:
>    branches/ssl-nss-port/server/conf.c

This patch breaks existing OpenSSL installations without valid reason,  
so I don't think this is a good idea.

It would be better to use CERTFILE if OpenSSL is used and CERTPATH  
(and friends) if NSS is used. By doing so, it would be immediately  
clear if a user is using OpenSSL or NSS. This would probably be  
beneficial in case people ask how to set this up.

In order for this to work, we should generate different  
'upsd.conf.sample' files depending on the SSL library used. This would  
be worthwhile anyway, for versions compiled with OpenSSL and where  
some of these keywords are not used at all (and would only confuse  
people setting this up).

Best regards, Arjen
-- 
Please keep list traffic on the list (off-list replies will be rejected)


_______________________________________________
Nut-upsdev mailing list
Nut-upsdev at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev

--------------------------------------------------------------------------

More information about the Nut-upsdev mailing list