subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1616096 - /subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
Date Wed, 06 Aug 2014 04:58:48 GMT
Author: breser
Date: Wed Aug  6 04:58:47 2014
New Revision: 1616096

URL: http://svn.apache.org/r1616096
Log:
* subversion/include/svn_x509.h
  (svn_x509_parse_cert): Document that this function doesn't fully validate
    the data it returns.

Modified:
    subversion/branches/svn-auth-x509/subversion/include/svn_x509.h

Modified: subversion/branches/svn-auth-x509/subversion/include/svn_x509.h
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/include/svn_x509.h?rev=1616096&r1=1616095&r2=1616096&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/include/svn_x509.h (original)
+++ subversion/branches/svn-auth-x509/subversion/include/svn_x509.h Wed Aug  6 04:58:47 2014
@@ -50,6 +50,15 @@ typedef struct svn_x509_certinfo_t svn_x
  * buflen and return certificate information in @a *certinfo,
  * allocated in @a result_pool.
  *
+ * @note This function has been written with the intent of display data in a
+ *       certificate for a user to see.  As a result, it does not do much
+ *       validation on the data it parses from the certificate.  It does not
+ *       for instance verify that the certificate is signed by the issuer.  It
+ *       does not verify a trust chain.  It does not error on critical
+ *       extensions it does not know how to parse.  So while it can be used as
+ *       part of a certificate validation scheme, it can't be used alone for
+ *       that purpose.
+ *
  * @since New in 1.9.
  */
 svn_error_t *



Mime
View raw message