[taken to the list, as Joe requested]

On Wed, Jun 22, 2005 at 07:34:50AM +0100, Joe Orton wrote:
> On Wed, Jun 22, 2005 at 09:21:23AM +1000, Matthew Palmer wrote:
> > On Tue, Jun 21, 2005 at 10:05:20PM +0100, Joe Orton wrote:
> > > > On Tue, 2005-06-21 at 21:31 +1000, Matthew Palmer wrote:
> > > > > ne_openssl.c::dup_client_cert() requires that the certificate it is
> > > > > duplicating is decrypted.  Although that's a bit weird, what's weirder
> > > > > is that if the certificate *isn't* decrypted, it causes a segfault deep
> > > > > in the bowels of libssl.
> > > 
> > > This isn't a bug, that should be no surprise given the API constraint:
> > > 
> > > /* Use the given client certificate for the session.  The client cert
> > >  * MUST be in the decrypted state, otherwise behaviour is undefined. */
> > > void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *clicert);
> > 
> > "Obey this comment (buried in a header file) or I will segfault" is not
> > robust behaviour.  You *can* check this condition at runtime, it is far
> > better to bomb out saying "your application programmer is a moron, you can't
> > set an encrypted clicert" than "Ha ha, there's a segfault somewhere.  Suck!"
> 
> You say "buried in a header file" as if you have some better description 
> of the API somewhere which omits to mention this constraint.  If you're 

I was using the best description possible: the source code. 
ne_openssl.c:479.  By trawling down into that function, and looking at
dup_client_cert (which is a private function) there we see a quick comment
about encrypted certs.  But the public function I used does not make mention
of the need for decryptedness.

API docs or not, though, programmers are going to make stupid mistakes, like
not decrypting their certificates.  Segfaulting is not an appropriate
response to a problem which is so easily checked at runtime by neon. 

> not reading the header file (or ref docs) to find out how the API is 

The ref docs[1] are out of date.  They don't even mention any clicert
functions.

> Please take further discussion to [email protected], this is not 
> Debian-specific.

Done.

- Matt

[1] http://www.webdav.org/neon/doc/html/  I'd be interested to know if
there's something more recent.
_______________________________________________
neon mailing list
[email protected]
http://mailman.webdav.org/mailman/listinfo/neon
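
The runtime check argued for in the message above, as an added example that is not part of the original post and is not neon's code. The types client_cert and session and the functions dup_client_cert() and session_set_clicert() are a hypothetical model in which an encrypted certificate has no key material yet.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not neon's real types: while a client cert is
 * still encrypted its key pointer is NULL, so any code that uses the key
 * without checking the state dereferences NULL. */
typedef struct { int decrypted; char *key; } client_cert;
typedef struct { client_cert *cc; char error[96]; } session;

/* Copy a cert; the caller has already verified it is decrypted. */
static client_cert *dup_client_cert(const client_cert *src)
{
    client_cert *dst = calloc(1, sizeof *dst);
    if (dst == NULL) return NULL;
    dst->key = malloc(strlen(src->key) + 1);
    if (dst->key == NULL) { free(dst); return NULL; }
    strcpy(dst->key, src->key);
    dst->decrypted = 1;
    return dst;
}

/* Enforce the "must be decrypted" precondition at runtime: return -1 and
 * record an error on the session rather than crashing later. */
static int session_set_clicert(session *sess, const client_cert *cc)
{
    client_cert *copy;
    if (cc == NULL || !cc->decrypted || cc->key == NULL) {
        snprintf(sess->error, sizeof sess->error,
                 "client certificate must be decrypted before use");
        return -1;
    }
    if ((copy = dup_client_cert(cc)) == NULL) {
        snprintf(sess->error, sizeof sess->error, "out of memory");
        return -1;
    }
    if (sess->cc != NULL) { free(sess->cc->key); free(sess->cc); }
    sess->cc = copy;
    sess->error[0] = '\0';
    return 0;
}

int main(void)
{
    session s = { NULL, "" };
    client_cert enc = { 0, NULL };   /* constructed: still encrypted */
    if (session_set_clicert(&s, &enc) != 0)
        printf("rejected: %s\n", s.error);
    return 0;
}
```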