Hi, On Mon, Feb 23, 2015 at 05:40:11PM +0300, Vasily Kulikov wrote: > > I agree -- the argument to --needs-external-cert should be optional. > > Note: Arne said about 'macos-keychain' prefix in the argument being > optional, not the argument itself being optional. Acually, I don't > think making the argument optional is a good idea -- its parsing would > be ambiguous unless it is the last argument in argv.
Oh, *that* is something our config parser does all the time :-) The question to me is "if we don't want to specify anything particular, because there is only one cert anyway, how would we do it?" - or is the assumption that we better should specify it always? [..] > > I'm not sure exactly how to add an argument to RSA_SIGN and > > NEEDS-CERTIFICATE without breaking existing management interface > > software but assume that is possible. (Also, the argument may need to > > be escaped when it is passed to RSA_SIGN or NEEDS-CERTIFICATE if it > > contains characters that are used as delimiters.) > > IMNSHO don't change rsa-sign at all and have no API breakage. That sounds like a reasonable approach to me. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgpvLuH0I4ise.pgp
Description: PGP signature