[Swan-dev] X509: more clearly log warning/errors based on NSS profile used
D. Hugh Redelmeier
hugh at mimosa.com
Fri Feb 22 21:15:03 UTC 2019
commit 30f132ab693ccc852dc03c24879f1eae07dd1dd1
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Feb 22 14:30:24 2019 -0500
X509: more clearly log warning/errors based on NSS profile used
I'm working on this code too :-(
I sure wish I better understood what it is trying to do.
There is evidence that you (Paul) don't understand the code 100%
either.
- log_bad_cert(cur_log->head);
+ log_bad_cert(usage == certificateUsageSSLClient ? "Warning" : "ERROR",
+ cur_log->head);
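Review bot: the severity label in the new log_bad_cert() call is chosen inline from `usage == certificateUsageSSLClient` and passed as a string literal, and the two literals are cased inconsistently ("Warning" vs "ERROR"). If this call is only reached once no other usage will be tried, the certificateUsageSSLClient case reports a final verification failure as a warning. Consider deriving the severity from whether verification has finally failed rather than from `usage`, and passing it as a bool or enum so the label text is defined in one place inside log_bad_cert().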
At this point, it is an ERROR. There is no way that a different
"usage" will be tried. As the comments above this say, the control
flow is tricky.
And why have two log messages for the same case?
I have rewritten (but not published) the code in a way that is
clearer, but still not clear enough.
I don't completely understand what "fin" means vs what "*bad" means. And I
don't yet trust the original code to have this right.