On 23/02/06 02:24, Theo Buehler wrote:
> On Sun, Feb 05, 2023 at 03:59:38PM -0700, Ashlen wrote:
> > (Can CC to tech@ or elsewhere if needed, I didn't know if it belonged here or
> > there so I'm starting here)
>
> Please do not send patches to misc. Many of us don't have the time and
> nerves to dig through all the noise to see if there's anything worth
> looking at.

Hi Theo. Sorry about that (though thank you for making it clear). Would
libressl@ have been the right place?

> The two options don't do the same thing, so renaming
> SSL_OP_NO_CLIENT_RENEGOTIATION into SSL_OP_NO_RENEGOTIATION or vice
> versa isn't correct.
>
> > I don't know for sure which direction others would prefer to patch in, but I get
> > the feeling it makes more sense to choose the approach that involves less future
> > patching (renaming SSL_OP_NO_CLIENT_RENEGOTIATION to
> > SSL_OP_NO_RENEGOTIATION).
>
> If the two options were equivalent, another option would have been to
> add one compat define to ssl.h:
>
> #define SSL_OP_NO_RENEGOTIATION SSL_OP_NO_CLIENT_RENEGOTIATION
>
> This way no other patching would be needed.

I see. Thank you for all of the other information before this as well.
Reading through it helped me orient a little. I realize now that what I
sent was a very naive patch, and that I really misunderstood what was
going on. I underestimated how much I'd need to know to patch this.

On that note, I should mention that I didn't know any C until after your
mail (and from what I can tell, I still don't know nearly enough). I'm
really only competent in Perl and shell. So in hindsight, I had no
business offering a patch for this and I honestly feel quite embarrassed
about it. Everyone makes mistakes, I guess, but still.

> There are a few things to consider.
>
> 1. Should we add SSL_OP_NO_RENEGOTIATION?
>
> In my opinion your findings suggest that it should be done. It should
> not be hard if you want to take a stab at it.

If I felt confident in my ability to write safe, good quality C in a
timely manner, I'd readily accept this. But my gut instinct tells me
that it'll be a better use of everyone's time for me to properly learn C
first and for someone else to take on this problem. Sorry, I really wish
I could speak of this situation differently.

Even if it turns out to be a trivial fix, I just don't know the
fundamentals of C well enough yet to identify what that would look like.
While I know that I'm capable of learning them, it'll take me a while to
work through the rest of K&R---in large part due to other life events
that are really vying for my attention.

In any case, I do want to contribute to OpenBSD as it's my favorite OS
and I use it pretty much wherever I can. Once I have a better grasp of
C, I'll find a different way to help.