Ralf S. Engelschall wrote:
>
> In article <[EMAIL PROTECTED]> you wrote:
> > Ralf S. Engelschall wrote:
> >> What makes you thinking that the settings are blown away by
> >> SSL_use_certificate and friends? These functions already have checks like ``if
> >> ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))'' which
> >> prevents them from blowing away the settings, Ben.
>
> > Scrambled brains. You are right.
>
> > A related point: I really object to all this duplicated code, such as
> > the above. It really ought to be wrapped up in some function somewhere.
> > In fact, I'll bet if all the duplicated code were removed from OpenSSL
> > it would be 50% of the size or less. As well as much easier to maintain.
>
> Good suggestion. Your wish is my pleasure. I've changed my patch to use a
> ssl_cert_renew() function which and also reduced all six occurences in
> ssl_rsa.c of the redundant code by calls to this new function (yes, it reduces
> the amount of code lines dramatically). Votes for the appended take 3 of my
> patch?
Hmmm ... I would have made two functions to do the ssl_cert_renew() -
one for a session, one for the context, and generated the error within
them rather than in the caller. I'm also not sure about the name
"renew", which implies it would do something even if cert is already
set, which it won't. I'd've used "instantiate".
But I won't block the patch for those (I may change it after its
committed, though).
+1.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
