curl-library

Re: [PATCH 2/2] throw CURLE_SSL_CERTPROBLEM in case peer rejects a cert

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 19 Mar 2010 15:21:37 +0100

On Fri March 19 2010 14:40:54 Daniel Stenberg wrote:
> I just have a suggestion to change the implementation slightly:
>
> Instead of adding another field in a struct used only to return an extra
> error code, can't we for example return a CURLcode negative for specific

I think it would work. The only problem is we need to rewrite all the SSL
backends at one time. The proposed patch touches only the backend(s) which
really benefit from it. To be honest, I am not even able to test all of them
afterwards. Nevertheless, if you are ready for such a change, I can prepare
the patch.

We also need to deal somehow with EWOULDBLOCK. Returning -1 in that case would
clash with -CURLE_UNSUPPORTED_PROTOCOL. I know we have a separate argument for
blocking, but -CURLE_UNSUPPORTED_PROTOCOL still makes no sense in that case.

> errors from the Curl_ssl_send() function? Or even doing it with an extra
> argument like passing in the address of a variable to hold the error code?

At first glance I don't see any advantage in adding the argument over adding
a field into struct ssl_connect_data. We will still have two places to look
for the error, but need to rewrite all the SSL backends anyhow.

Kamil
Received on 2010-03-19
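
The return-value clash raised in this thread, shown as an added C example that is not part of the mail or of curl's source. The function names, the event enum and the local constants are hypothetical; only the numeric values 1 and 58 mirror CURLE_UNSUPPORTED_PROTOCOL and CURLE_SSL_CERTPROBLEM from curl/curl.h.

```c
#include <stdio.h>

/* Local copies of CURLcode values (numbers as in curl/curl.h). */
enum demo_code {
  DEMO_OK = 0,
  DEMO_UNSUPPORTED_PROTOCOL = 1, /* CURLE_UNSUPPORTED_PROTOCOL */
  DEMO_SSL_CERTPROBLEM = 58      /* CURLE_SSL_CERTPROBLEM */
};

/* Constructed backend outcomes that drive both conventions. */
enum demo_event { EV_SENT, EV_WOULD_BLOCK, EV_CERT_REJECTED, EV_UNSUPPORTED };

/* Convention A (hypothetical): failures return the negated code, and
   -1 keeps its meaning of "would block". */
long demo_send_negated(enum demo_event ev, size_t len)
{
  switch(ev) {
  case EV_SENT:          return (long)len;
  case EV_WOULD_BLOCK:   return -1;
  case EV_CERT_REJECTED: return -(long)DEMO_SSL_CERTPROBLEM;
  default:               return -(long)DEMO_UNSUPPORTED_PROTOCOL;
  }
}

/* Convention B (hypothetical): -1 on any failure; the reason goes to
   *err and blocking to *would_block, so the two never share a value. */
long demo_send_outparam(enum demo_event ev, size_t len,
                        enum demo_code *err, int *would_block)
{
  *err = DEMO_OK;
  *would_block = (ev == EV_WOULD_BLOCK);
  if(ev == EV_SENT)
    return (long)len;
  if(ev == EV_CERT_REJECTED)
    *err = DEMO_SSL_CERTPROBLEM;
  else if(ev == EV_UNSUPPORTED)
    *err = DEMO_UNSUPPORTED_PROTOCOL;
  return -1;
}

int main(void)
{
  printf("A: would-block=%ld unsupported=%ld\n",
         demo_send_negated(EV_WOULD_BLOCK, 16),
         demo_send_negated(EV_UNSUPPORTED, 16));
  return 0;
}
```

Under convention A a caller that sees -1 cannot tell a retryable would-block from a hard error, which matters most for a certificate rejection that must not be retried silently.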