On Tue, 2005-06-21 at 22:05 +0100, Joe Orton wrote: > Hi Laszlo, please feel free to forward neon bug reports directly to the > mailing list, [EMAIL PROTECTED] I have corrected it by now.
> This isn't a bug, that should be no surprise given the API constraint: > > /* Use the given client certificate for the session. The client cert > * MUST be in the decrypted state, otherwise behaviour is undefined. */ > void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *clicert); Ups, it is in src/ne_session.h , right. But well, wouldn't it be better if ne_ssl_set_clicert([...]) contains the check if the client certificate is not decrypted and thus does not dump core? As I see other functions have int as return type, and return with a status code (NE_OK or NE_ERROR). Maybe ne_ssl_set_clicert([...]) should be changed to use these status codes as a return value instead of being just void? OK, I know dup_client_cert([...]) is still vulnerable if the certificate is not already decrypted. Regards, Laszlo/GCS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
