Re: [PATCH] Tying validation errors to certificates

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 02 Jun 2013 23:35:03 +1200

On 29/05/2013 8:59 p.m., Tsantilas Christos wrote:
> When Squid sends errors to the certificate validation daemon, the daemon
> cannot tell which certificate caused which error. This is especially bad
> because the validator has to return that same information in the
> response (the response format requires the validator to match the error
> to the certificate).
> This patch adjust the validation request format to provide that
> information using a set of the following key=value pairs:
>
> error_name_N=the name of the certificate error number N
> error_cert_N=the ID of the certificate which caused error_name_N
>
> where N is non-negative integer. N values start from zero and increase
> sequentially.
>
> This is a Measurement Factory project

I think this problem is a side-effect of not following my suggestion
earlier to split the certificates across concurrency channels. Yes?
If that were done each channel would be dealing with only one
certificate and its errors. No need to explicitly tie them together like
this.

Amos
Received on Sun Jun 02 2013 - 11:35:20 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 12:00:05 MDT