On Wed, Apr 20, 2022 at 07:14:23PM +0200, Claudio Jeker wrote: > The filemode code is enough different from the regular parser code that it > makes sense to totally split it out. Only proc_parser_cert_validate() and > proc_parser_root_cert() had to be duplicated which is IMO acceptable.
I'm not a fan of having to keep things in sync: it rarely ever works. If we need two copies, would it not be better to let them be thin wrappers around a shared function, so that we only need to modify one thing? > The valid_x509() plus static functions are moved to validate.c. > The crl_tree code moved into crl.c similar to the auth_tree handling in > cert.c. Last but not least all main proc functions are now tagged with > __attribute(noreturn) which allows to remove the errx() after them. Apart from the above concern, I'm ok with this and think it's an improvement.
