apr-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r597209 - in /apr/apr-util/trunk: CHANGES build/ssl.m4 include/apr_buckets.h include/apr_ssl.h include/private/apr_ssl_openssl_private.h ssl/apr_ssl_openssl.c ssl/apr_ssl_winsock.c
Date Thu, 22 Nov 2007 14:56:54 GMT
On Thu, Nov 22, 2007 at 02:40:40PM +0000, Joe Orton wrote:

> > +#if HAVE_DECL_EVP_PKEY_CTX_NEW
> > +            /* load certs */
> > +            data->sslCtx = SSL_CTX_new(SSLv23_server_method());
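Review bot: the guard on the first line tests HAVE_DECL_EVP_PKEY_CTX_NEW, but the only call it protects in these lines is SSL_CTX_new(SSLv23_server_method()), which is a TLS-layer object rather than an EVP one, and the /* load certs */ comment does not say why a server-method SSL_CTX is needed on this path. Suggest either documenting next to the data->sslCtx assignment what the context is used for, or keeping only EVP-level state behind this guard. No NULL check on data->sslCtx is visible after the assignment; if one does not follow, add it before the context is used.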
> 
> Again dead code, and weird code - why mess with an SSL_CTX if doing 
> encryption?

Ah, I missed the ssl.m4 change.

The apr_evp_factory_create() interface is just poor API design.  Instead 
of having the "purpose" enum and a single function which ignores half 
the arguments depending on which "purpose" is used, have two separate 
functions.  The "engine" argument seems completely unused and 
undocumented, also.

All the SSL_CTX seems to be used for is to read PEM-format files, which 
is massive overkill; "man PEM".

As with the existing SSL code there is absence of consideration of how 
to handle the OpenSSL error stack and abstracting errors; at least 
clearing it after failure would be the minimal acceptable if there are 
no errors which need to be distinguished in the API.

joe
