On Wed, Nov 30, 2016 at 05:26:30PM +0300, SviMik wrote:
> 1) I would also check if the file size was changed, not only mtime.
> 

this would work against 2 CRLs with the same mtime but different size: is this
a real case we have to worry about?

Anyway, adding this check is easy. I'd do it if it makes the whole check more
robust.

> 2) I wasn't digging the code deeply, but the
> > ssl_ctx->crl_last_mtime.tv_sec >= crl_stat.st_mtime
> makes me think it would fail if the file gets reverted to a previous version.
> Perhaps the check shall be != instead of >=.
> 

good point! I think we should definitely switch to !=.

Thanks!

-- 
Antonio Quartulli
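
Added example, not part of the original message and not OpenVPN's code: it runs the `>=` mtime comparison quoted above and a `!=`-style comparison extended with the file size over four constructed `stat` results, counting where each one makes the wrong reload decision. The `crl_seen` struct, the function names and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical cache of the CRL file state at the last load (not OpenVPN's struct). */
struct crl_seen { time_t mtime; off_t size; };

/* Comparison quoted in the thread: skip the reload when cached mtime >= file mtime. */
static bool skip_reload_ge(const struct crl_seen *c, const struct stat *st)
{
    return c->mtime >= st->st_mtime;
}

/* Variant discussed in the thread: skip only when mtime and size are both identical. */
static bool skip_reload_ne_size(const struct crl_seen *c, const struct stat *st)
{
    return c->mtime == st->st_mtime && c->size == st->st_size;
}

/* Constructed stat results for one CRL path; the cached state is mtime=2000, size=900. */
static const struct { const char *what; time_t mtime; off_t size; bool changed; } cases[] = {
    { "untouched file",             2000, 900, false },
    { "newer CRL written",          2500, 950, true  },
    { "reverted to older CRL",      1500, 700, true  },
    { "same mtime, different size", 2000, 940, true  },
};

/* Count cases where the skip decision disagrees with whether the file really changed. */
static int wrong_decisions(bool (*skip)(const struct crl_seen *, const struct stat *))
{
    const struct crl_seen seen = { 2000, 900 };
    int wrong = 0;
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        struct stat st = { 0 };
        st.st_mtime = cases[i].mtime;
        st.st_size = cases[i].size;
        if (skip(&seen, &st) == cases[i].changed)
            wrong++;
    }
    return wrong;
}

int main(void)
{
    printf(">= on mtime:        %d wrong\n", wrong_decisions(skip_reload_ge));
    printf("!= on mtime + size: %d wrong\n", wrong_decisions(skip_reload_ne_size));
    return 0;
}
```

A replacement file with the same mtime and the same size would still be skipped by both comparisons.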
