>
>o The whole fperr stuff is not needed (and acceptable). mod_ssl provides a
> really sophisticated logging mechanism through ssl_log() which the user
can
> configure and adjust. You should use this, please. Additionally you use
> insecure things ``fperr = fopen(..'' without error checks. And the use
of
> a static fperr isn't a good idea, too. mod_ssl uses no global variables
> for thread safety and other reasons.
You're right, that was just for my internal debug use, but I forget to
change it.
Will be correct use a bio_err for error log ? (I'm still studing to
understand how to use a bio structure in the right way).
>o whenever you do I/O you should use the ap_fopen() and friends
> functions and not directly stdio stuff. Additionally unsafe
> things like sprintf() has to be replaced with ap_snprintf().
>
>o hard-coded things like ``fopen("/m/home/giacob/...'' or ``ldapservers =
> "callisto.comune.modena.it:3389"'' are not acceptable. Every used
> parameter either has to be a generic one which fits all situations or
has
> to be user configurable via an Apache config directive.
How can I set some env vars via Apache config directive to describe all
ocsp-ldap context in httpd.conf ? (ldap-servers, ldap-dn, ldap-passwd,
ocsp-ldap-enable...)
>
>So, in short: I think the stuff is still not ready for inclusion, but when
you
>work on the above points it will be a very useful extension in the future.
>Thanks for your efforts.
Thanks for your usefull suggestion, I'll work on it.
Andrea
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
