DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41123>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41123 ------- Additional Comments From [EMAIL PROTECTED] 2007-11-27 09:13 ------- Changes in second patch: 1) fixed to check URI scheme, and correctly free "values" stack per Steve's comment 2) drop the duplicate X509_STORE_CTX & X509_STORE creation. I can't see why this is necessary; Marc, can you explain what that was for? OCSP_basic_verify() creates its own X509_STORE_CTX anyway in which to do the verify the response signature, so it was never used directly. Dropping this doesn't seem to make any difference to result in testing, either. Was this just here to allow for future customisation of how the response signature is verified? 3) simplified some more logging/debugging. Uses the new ssl_log_cxerror() function added on the trunk to log cert details as context. Steve, thanks for a lot for the review - agree with your points (3) and (4) but would like to address these later. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
