[Pkg-openssl-devel] Bug#303145: Bug#303145: Patch

Scott Schaefer saschaefer at neurodiverse.org
Thu Jun 16 01:41:12 UTC 2011 

On 06/13/2011 10:08 PM, Scott Schaefer wrote:
> On 06/13/2011 06:10 AM, Kurt Roeckx wrote:
>> On Fri, May 06, 2011 at 08:35:57AM -0400, Scott Schaefer wrote:
>>> See attached.  Prints "completion" message only on successful return.
>>>
>>> Also fixes bug which prevents executing -newreq-nodes option, and
>>> includes newer options in usage message.
>> Can you also check the CA.sh script for the same problems?
>>
>>
>> Kurt
>
> I will be glad to submit patch for CA.sh, since, on quick review, it 
> indeed has same two problems as CA.pl; i.e.
>    1) It prints "success" messages, even on failure of underlying SSL 
> command(s), and
>    2) The usage message in lacking the newer, added valid arguments,
>
> This will probably require 24-48 hours, since I have travel commitment 
> tomorrow.
>
> OTOH, my assertion that my original patch for CA.pl 'fixes bug which 
> prevents executing -newreq-nodes option' is WRONG.  I badly misread 
> that code in order to conclude what I did; i.e. the original code does 
> execute both -newreq and -newreq-nodes options correctly.
>
> Note the patch still correctly executes both options, and both did 
> incorrectly print "success" message even on failure of underlying SSL 
> command.  For this reason, I would prefer to leave the patch intact, 
> and simply change the second part of the description to only "Also 
> includes newer options in usage message".  If you prefer, I can submit 
> revised patch file that does not re-order the testing of command-args 
> vs patterns /^-newreq$/ and/^-newreq-nodes$/.
>

Attached are two patches.  The first is a replacement for the original 
and applies to CA.pl.  The second is new, and applies to CA.sh.

Please note that both of these are less-than-thoroughly tested.  I have 
verified most of the functionality, but not all of the boundary cases 
which I would normally test before releasing as production code.  In 
addition, the original(s) had some inconsistencies and unclear design 
choices which I am not certain I understand the rationale for.

However, I am starting my first vacation of more than three days in over 
six years tomorrow morning, and will be unable to test any more until my 
return.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CA_pl_fail_correct.patch
Type: text/x-patch
Size: 6433 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20110615/ac53e01c/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CA_sh_fail_correct.patch
Type: text/x-patch
Size: 3446 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20110615/ac53e01c/attachment-0007.bin>

More information about the Pkg-openssl-devel mailing list