[Nagiosplug-devel] sslutils patch : show certificate subject
Thomas Guyot-Sionnest
dermoth at aei.ca
Thu Dec 23 18:02:51 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10-12-03 12:26 PM, Stéphane Urbanovski wrote:
> No comments ?
>
I do have some...
1.
+ char cn[128] = "?";
Where has 128 been taken from? Could is be defined as a macro, so
changing it doesn't require finding all the places where this number or
a derivative is used?
2.
+ if(! subj){
+ printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+ return STATE_CRITICAL;
+ }
Why would that be critical? Is it possible that a cert do not specify a
subject, and still being used for authentication/encryption?
3. Shouldn't *subj be freed at the end?
4. Patch should use /* ... */ comments only, some c compilers do not
like c++-style comments (// ...)
I can fix the comments; please address the first 3 points and then I can
look at applying the patch. This will also require some tests fixes and
additions, which I can do as well when find the time for that...
I'm particularly interested about #2: if this is the correct behaviour,
could you please link to some specification that say so? Otherwise I'd
rather retain the previous behaviour - or just use "unknown" - when the
subject cannot be retrieved.
Thanks
- --
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0TgLYACgkQ6dZ+Kt5BchaRdACg8HbvGtVdDP8nmbPYa0SEV7mW
J4UAnAh6m4zCuTUsqSz0eTDZG340FXll
=Ke+3
-----END PGP SIGNATURE-----
More information about the Devel
mailing list