Hi, > Florian I'm happy to look at this now with you > > But based on the old discussion I'm not certain I'm happy with the > final result. > > IMO - here's what we need in these: > > 1) If you specify nothing, you should get the default. > 2) If you specify a CAfile, and there is no failure in loading it, > you should get that. > 3) If any failure occurs in either case 1 or case 2 the program > should fail. Do not continue with something else. > > Try for the above
Well, that's what the patch does? (With the slight modification that case 2 also covers the CApath option, that is ...) Or do you mean that the whole program should abort instead of just warning that the requested CAs couldn't be loaded and then just letting the verification failure happen? While that in principle certainly would be sane default behaviour, I am not sure whether it's a good idea in this case: At least s_server and s_client are primarily debug tools and don't abort on authentication failure anyhow, but just print a message, and also, I am not sure whether the default CAs can always be expected to be available? The primary purpose of the patch is to make the output correctly reflect the authentication status relative to what the user specified, so it doesn't mislead the user when testing stuff, not to make it a secure TLS client or server for production use. Regards, Florian
