On Mon, Sep 12, 2005 at 04:02:02PM +0100, David Reid wrote:
> Following the comments from Joe, here is a revised patch that should
> work better :-) I've tried to add a sensible comment about why we have
> both functions listed.
"OpenSSL... isn't up to much" isn't really very helpful (or sensible).
If the problem is that X509_ext_print will only handle particular types
of extension and that you can fall back on ASN1_print for extensions
which are simple e.g. string types then say that and cut out the waffle.
> It removes the nastiness of the len pointer and also converts the
> extlist fucntion to simply call into ssl_ext_lookup.
That's pretty nasty, going through all the setup overhead and iterating
through the extension list again for each call. But you miss my point:
the overlap in functionality is a bad thing not an missed opportunity
for refactoring.
> I've changed the log level down to INFO.
DEBUG is the maximum acceptable IMO.
joe
|