[Nagiosplug-devel] sslutils patch : show certificate subject

Thomas Guyot-Sionnest dermoth at aei.ca
Thu Dec 23 18:02:51 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10-12-03 12:26 PM, Stéphane Urbanovski wrote:
> No comments ?
> 

I do have some...

1.

+	char cn[128] = "?";

Where has 128 been taken from? Could is be defined as a macro, so
changing it doesn't require finding all the places where this number or
a derivative is used?

2.

+	if(! subj){
+		printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+		return STATE_CRITICAL;
+	}

Why would that be critical? Is it possible that a cert do not specify a
subject, and still being used for authentication/encryption?

3. Shouldn't *subj be freed at the end?

4. Patch should use /* ... */ comments only, some c compilers do not
like c++-style  comments (// ...)

I can fix the comments; please address the first 3 points and then I can
look at applying the patch. This will also require some tests fixes and
additions, which I can do as well when find the time for that...

I'm particularly interested about #2: if this is the correct behaviour,
could you please link to some specification that say so? Otherwise I'd
rather retain the previous behaviour - or just use "unknown" - when the
subject cannot be retrieved.

Thanks

- -- 
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0TgLYACgkQ6dZ+Kt5BchaRdACg8HbvGtVdDP8nmbPYa0SEV7mW
J4UAnAh6m4zCuTUsqSz0eTDZG340FXll
=Ke+3
-----END PGP SIGNATURE-----




More information about the Devel mailing list