httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41123] - Support of OCSP in mod_ssl (rewritten patch from bug #31383)
Date Wed, 07 Feb 2007 13:15:49 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41123>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41123





------- Additional Comments From jorton@redhat.com  2007-02-07 05:15 -------
>From review of attachment in comment 6:

A couple of things which make this code hard to review:
- many code style issues with this code; tabs, many indenting problems,
whitespace around if statements, see: 
http://httpd.apache.org/dev/styleguide.html and be familiar with existing httpd
code 
- don't use C++-style comments
- lots of stretches of code have been commented out rather than just deleted. 
If they aren't needed, delete them.

General review:
- don't log anything in the ssl_cmd_* functions, this doesn't add much
- don't invent macros for logging in ssl_ocsp.c, just use ap_log_* directly
- when and where is NO_OCSP supposed to be defined?  this needs an autoconf
check presumably; call the define MODSSL_something
- if it's useful for users to be able configure a proxy make it properly
configurable, otherwise remove the debugging code
- X509_Int2Str() should be static and have a name outside a namespace owned by
OpenSSL.  Use of the static result buffer inside is not thread-safe.
- use pools not malloc
- using pools, and pool cleanups, or just better function structure, should be
able to eliminate the excessive use of goto in VerifyOCSP
- GetExtensionValue looks scary.  Why is this not looking up extensions by NID,
can X509_get_ext_d2i not be used here?
- also a bit scared about using the toy HTTP/1.0 client in OpenSSL :(

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message