diff options
| author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-07-19 21:23:13 +0000 |
|---|---|---|
| committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-07-19 21:23:13 +0000 |
| commit | 811840564798065f6f156b14713f39425d0317f5 (patch) | |
| tree | c5191c96f0ee20d22f033c1a7f68411c325a1494 /BUGS | |
| parent | 79a105e972e2936c49a5e6c013fc3c784d03933b (diff) | |
| download | neon-811840564798065f6f156b14713f39425d0317f5.tar.gz | |
Fail with a useful error message in the case where a client cert is
requested during handshake, none can be provided, and the handshake
fails:
* src/ne_private.h (struct ne_session_s): Add ssl_cc_requested field.
* src/ne_openssl.c (provide_client_cert): Set ssl_cc_requested if
no cert is provided.
(ne__negotiate_ssl): Clear ssl_cc_requested before handshake.
Use different, more useful error message if handshake fails and flag
is now set.
* test/ssl.c (struct ssl_server_args): Add fail_silently flag.
(ssl_server): Exit with success if handshake fails and above flag set.
(no_client_cert): New test case.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1505 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
Diffstat (limited to 'BUGS')
| -rw-r--r-- | BUGS | 7 |
1 files changed, 0 insertions, 7 deletions
@@ -18,13 +18,6 @@ Known problems/bugs in neon -*- text -*- only cache on shutdown, since the SSL_SESSION may change during an ne_session? -* It would be nice to fail with a friendly error message if a client -cert is requested by the srever but one is not provided. Currently, -returning -1 from the provide_client_cert function would allow that -(as it forces the SSL handshake to fail), but that would prevent -opportunistic use of client certificates, of the "SSLVerifyClient -optional" variety. - * perhaps allow a per-Server-header hack for "Darwin Streaming Server 4.0" which doesn't terminate the response headers: http://bugzilla.gnome.org/show_bug.cgi?id=366331 |