httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Sylvester <peter.sylves...@edelweb.fr>
Subject Re: svn commit: r798359 - in /httpd/httpd/branches/2.2.x: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c
Date Wed, 29 Jul 2009 06:57:36 GMT

> I looked at the patch in question and it seems reasonable to me. That should
> work fine on much older versions of OpenSSL it's just that now some things are
> enforced that weren't before.
>   
A little nit in ssl_engine_init.c:
instead of

-        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+        SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);

I think I'd prefer 

+        SSL_CTX_set_client_CA_list(ctx, ca_list);

and a few lines later instead of

ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);

   it should be 

ca_list = SSL_CTX_get_client_CA_list(ctx);


> There is some non-portable code round there that accesses extensions in a most
> convoluted fashion for some unknown reason.
>   
the stuff in ..vars.c ssl_ext_list?
> Steve.
>   
/p

Mime
View raw message