On Fri, 2009-06-26 at 16:53 +0200, Dr. Stephen Henson wrote: > Sorry for delay in replying doing a shed load of other stuff at present. The > patch looks OK but will make a few minor changes to it, set the cert in > X509_STORE_CTX_init() instead of the structure accedd.
Does it help if I resubmit a patch with that fixed? > Also doing fprintf() of the verify code is a definite no-no. Er, where? > Also please include patches as plain text attachments as mailers can line wrap > and corrupt them if they are inline. Mine doesn't... does yours? :) > I did get a bit sidetracked looking at that code too. The DTLS and SSL/TLS > versions of *_output_cert_chain() are almost identical and some code > duplication could be avoided by combining the two. Yeah, I did think about that briefly -- but didn't do it because I can't easily test the DTLS part. Either way, I think it belongs in a separate changeset, rather than mixed in with the real fix. I even thought twice about the cleanup I _did_ do, but that's a lot simpler and kind of justified because otherwise the simple fix would be taking us to _three_ identical copies of the same code in each affected C file. -- dwmw2 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
