On Sun, Aug 05, 2018 at 02:00:04PM +0300, Heikki Linnakangas wrote:
> I did some further testing with this, compiling with and without
> HAVE_BE_TLS_GET_CERTIFICATE_HASH and HAVE_PGTLS_GET_PEER_CERTIFICATE_HASH,
> and fixed a few combinations that did not work. And I fixed the other
> comment typos etc. that you pointed out.

Two things that I am really unhappy about is first that you completely wiped out the test suite for channel binding. We know that channel binding will be used once HAVE_X509_GET_SIGNATURE_NID is set, hence why didn't you keep the check on supports_tls_server_end_point to determine if the connection should be a failure or a success? Then, I also find the meddling around HAVE_X509_GET_SIGNATURE_NID and the other flags over-complicated, but I won't fight hard on that point if you want to go your way.

> I have committed this now, because I think it's important to get this into
> the next beta version, and I'd like to get a full cycle on the buildfarm
> before that. But if you have the chance, please have one more look at the
> committed version, to make sure I didn't mess something up.

This I definitely agree with, getting this patch in before beta 3 is the best thing to do now.

--
Michael