Viktor Dukhovni:
> state->client_start_props->fd = state->ciphertext_fd;
> /* These predicates and warning belong inside tls_client_start(). */
> if (!tls_dane_avail() /* mandatory side effects!! */
> - &&TLS_DANE_BASED(state->client_start_props->tls_level))
> + && TLS_DANE_HASTA(state->client_start_props->dane))
> msg_warn("%s: DANE requested, but not available",
> state->client_start_props->namaddr);
> else
> @@ -1427,7 +1427,7 @@ static void tlsp_get_request_event(int event, void
> *context)
> }
> state->appl_state = tlsp_client_init(state->tls_params,
> state->client_init_props,
> - TLS_DANE_BASED(state->client_start_props->tls_level));
> + TLS_DANE_HASTA(state->client_start_props->dane));
> ready = state->appl_state != 0;
> break;
> case TLS_PROXY_FLAG_ROLE_SERVER:
This looks weird. I thought that the problem was with trust anchors, not DANE?
Wietse
