Hi, On Mon, Feb 23, 2015 at 05:40:11PM +0300, Vasily Kulikov wrote: > > I agree -- the argument to --needs-external-cert should be optional. > > Note: Arne said about 'macos-keychain' prefix in the argument being > optional, not the argument itself being optional. Acually, I don't > think making the argument optional is a good idea -- its parsing would > be ambiguous unless it is the last argument in argv.
Oh, *that* is something our config parser does all the time :-)
The question to me is "if we don't want to specify anything particular,
because there is only one cert anyway, how would we do it?" - or is the
assumption that we better should specify it always?
[..]
> > I'm not sure exactly how to add an argument to RSA_SIGN and
> > NEEDS-CERTIFICATE without breaking existing management interface
> > software but assume that is possible. (Also, the argument may need to
> > be escaped when it is passed to RSA_SIGN or NEEDS-CERTIFICATE if it
> > contains characters that are used as delimiters.)
>
> IMNSHO don't change rsa-sign at all and have no API breakage.
That sounds like a reasonable approach to me.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpvLuH0I4ise.pgp
Description: PGP signature
