Citeren Emilien Kia <[email protected]>:
Modified: branches/ssl-nss-port/server/conf.c
==============================================================================
--- branches/ssl-nss-port/server/conf.c Wed Jan 5 21:12:03 2011 (r2803)
+++ branches/ssl-nss-port/server/conf.c Thu Jan 6 10:27:55 2011 (r2804)
@@ -178,6 +178,22 @@
return 1;
}
+ /* CERTREQUEST ("NO" | "REQUEST" | "REQUIRE") */
+ if (!strcmp(arg[0], "CERTREQUEST")) {
+ if (strcasecmp(arg[1], "REQUEST") == 0) {
+ certrequest = NETSSL_CERTREQ_REQUEST;
+ } else if (strcasecmp(arg[1], "REQUIRE") == 0) {
+ certrequest = NETSSL_CERTREQ_REQUIRE;
+ } else if (strcasecmp(arg[1], "NO") == 0) {
+ certrequest = NETSSL_CERTREQ_NO;
+ } else {
+ upslogx(LOG_WARNING, "CERTREQUEST in upsd.conf accept only
values "
+ "\"REQUEST\", \"REQUIRE\" or \"NO\", assuming
\"NO\"");
+ certrequest = NETSSL_CERTREQ_NO;
+ }
+ return 1;
+ }
+
From a maintenance point of view, the validation of the CERTREQUEST
parameter should be handled in 'netssl.c', not here. We really don't
want to mess with this here, to prevent having to change 'conf.c' too
often when something changes in the NSS code.
Likewise, it would be useful if this would only be compiled in if the
NSS library is actually used (same for CERTPATH and CERTIDENT). It
would be better to complain about invalid parameters than to fail
later on.
Best regards, Arjen
--
Please keep list traffic on the list (off-list replies will be rejected)
_______________________________________________
Nut-upsdev mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev
