Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 47199 invoked from network); 29 Nov 2007 21:04:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 Nov 2007 21:04:05 -0000 Received: (qmail 43861 invoked by uid 500); 29 Nov 2007 21:03:50 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 43491 invoked by uid 500); 29 Nov 2007 21:03:49 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 43480 invoked by uid 99); 29 Nov 2007 21:03:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2007 13:03:49 -0800 X-ASF-Spam-Status: No, hits=-4.0 required=10.0 tests=RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of jorton@redhat.com designates 66.187.233.31 as permitted sender) Received: from [66.187.233.31] (HELO mx1.redhat.com) (66.187.233.31) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2007 21:03:51 +0000 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.8/8.13.1) with ESMTP id lATL3UMb024843 for ; Thu, 29 Nov 2007 16:03:30 -0500 Received: from turnip.manyfish.co.uk (IDENT:U2FsdGVkX19t2JAxoNvc0iXm/RC8AEJhID0Zyy9Jtb0@vpn-14-229.rdu.redhat.com [10.11.14.229]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id lATL3TAf001193 for ; Thu, 29 Nov 2007 16:03:30 -0500 Received: from jorton by turnip.manyfish.co.uk with local (Exim 4.68) (envelope-from ) id 1IxqXh-0006eF-3f for dev@httpd.apache.org; Thu, 29 Nov 2007 21:03:29 +0000 Date: Thu, 29 Nov 2007 21:03:29 +0000 From: Joe Orton To: dev@httpd.apache.org Subject: Re: svn commit: r599385 - in /httpd/httpd/trunk: ./ modules/ssl/ Message-ID: <20071129210329.GA24695@redhat.com> Mail-Followup-To: dev@httpd.apache.org References: <20071129111843.69CBA1A9832@eris.apache.org> <474F1AE3.5050902@apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <474F1AE3.5050902@apache.org> User-Agent: Mutt/1.5.17 (2007-11-01) Organization: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in UK and Wales under Company Registration No. 03798903 Directors: Michael Cunningham (USA), Brendan Lane (Ireland), Matt Parson (USA), Charlie Peters (USA) X-Virus-Checked: Checked by ClamAV on apache.org On Thu, Nov 29, 2007 at 09:02:43PM +0100, Ruediger Pluem wrote: > > ============================================================================== > > --- httpd/httpd/trunk/CHANGES [utf-8] (original) > > +++ httpd/httpd/trunk/CHANGES [utf-8] Thu Nov 29 03:18:40 2007 > > @@ -2,6 +2,9 @@ > > Changes with Apache 2.3.0 > > [ When backported to 2.2.x, remove entry from this file ] > > > > + *) mod_ssl: Add support for OCSP validation of client certificates. > > + PR 41123. [Marc Stern , Joe Orton] > > + > > Shouldn't we add Steve to this? As far as I followed the discussion in > Bugzilla he contributed very valuable points and we have credited > people for less in the past :-). Discussing this stuff makes me slightly uncomfortable, but I try to follow a strict rule: credit in CHANGES exactly the set of people who contributed actual lines of code. Steve was credited in the commit messages as a reviewer. Such review is invaluable, no argument at all :) ... > > +/* Send the OCSP request serialized into BIO 'request' to the > > + * responder at given server given by URI. Returns socket object or > > + * NULL on error. */ > > +static apr_socket_t *send_request(BIO *request, const apr_uri_t *uri, > > + conn_rec *c, apr_pool_t *p) > > +{ > > + apr_status_t rv; > > + apr_sockaddr_t *sa; > > + apr_socket_t *sd; > > + char buf[HUGE_STRING_LEN]; > > Is it really a good idea to store this on the stack? Shouldn't we allocate > this from the pool? Hmmm, "shrug" - stack is cheaper than heap. ... > > + while ((len = BIO_read(request, buf, sizeof buf)) > 0) { > > + char *wbuf = buf; > > + apr_size_t remain = len; > > + > > + do { > > + apr_size_t wlen = remain; > > + > > + rv = apr_socket_send(sd, wbuf, &wlen); > > + wbuf += remain; > > + remain -= wlen; > > + } while (rv == APR_SUCCESS && remain > 0); > > Why do we need remain here and do not use len directly? Really only to make the types match; len is an int but wlen must be an apr_size_t. ... > > + count = 0; > > + while ((line = get_line(tmpbb, bb, c, p)) != NULL && line[0] > > + && ++count < MAX_HEADERS) { > > + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, > > + "OCSP response header: %s", line); > > + } > > Why don't we exit with an error message if count > MAX_HEADERS? Good catch, will fix. ... > > + apr_brigade_destroy(bb); > > + apr_brigade_destroy(tmpbb); > > We miss to destroy the brigades in the cases above where we return NULL. They are allocated out of the pool, so it Shouldn't Matter (TM). Thanks for the review! joe