On Tue, Jun 21, 2005 at 11:42:27PM +0200, Laszlo Boszormenyi wrote: > On Tue, 2005-06-21 at 22:05 +0100, Joe Orton wrote: > > Hi Laszlo, please feel free to forward neon bug reports directly to the > > mailing list, [EMAIL PROTECTED] > I have corrected it by now. > > > This isn't a bug, that should be no surprise given the API constraint: > > > > /* Use the given client certificate for the session. The client cert > > * MUST be in the decrypted state, otherwise behaviour is undefined. */ > > void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert > > *clicert); > > Ups, it is in src/ne_session.h , right. But well, wouldn't it be better > if ne_ssl_set_clicert([...]) contains the check if the client > certificate is not decrypted and thus does not dump core?
No, it wouldn't be better, because it would add unnecessary complexity to both the implementation and the interface, and the application would still behave incorrectly anyway. This is documented policy: see the "Argument Validation" section in "man neon". Regards, joe _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
