
Re: Bug#139710: first version of https support available



On Tue, 2 Apr 2002, Tomas Pospisek wrote:

> http://sourcepole.ch/sources/software/apt_https/

> * how do you like the integration with the rest of your stuff?

Going down the diff..

+ah_WITH_SSL

You are not 'ah', use to_ or something.. The macro does not seem to
actually test if SSL is available and working to build against, it
probably should.

All the changes to connect.cc appear to be needless.

+#ifdef WITH_SSL
+bool CircleBuf::Read(SSL * Ssl)

This is C++. The way to implement this without wacks of #ifdefs everywhere
is to suck a few more things into circlebuf and subclass it for the SSL
case. The wacks of ifdefs and 'if https's are really excessive.

+   string ProxyStr;

Making 'ProxyStr' a string is silly, it is never assigned to anything but
a constant.

ConnectSSL really needs to use the normal connect function and then just
bind the SSL library to that FD (there are functions in openssl to do
this). The normal connect function does much more than what openssl
provides.

Ultimately I don't think we can expect to have https included with APT, as
that needs openssl on the base install. So at best it would have to
compile separately to something called https (this is trivial). You also
forgot the makefile bit to actually make the https symlink, which would be
necessary for this to work at all.

> Certificate validation is on my todo list.

SSL is utterly pointless without this, and I'm not sure how you would go
about implementing it in this sort of context..

Jason
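
The two points above about ConnectSSL and certificate validation, as an added example that is not part of the original message, the patch, or APT: connect with the ordinary code path, then attach TLS to that existing descriptor with chain and hostname verification enabled. It uses Python's `ssl` module (a wrapper over OpenSSL) rather than the OpenSSL C calls the message refers to; `plain_connect`, `verifying_context`, `bind_tls` and `fetch_head` are hypothetical names.

```python
import socket
import ssl


def plain_connect(host, port, timeout=30.0):
    """Stand-in for the transport's normal connect path (resolution,
    address fallback, timeouts). Hypothetical helper, not APT code."""
    return socket.create_connection((host, port), timeout=timeout)


def verifying_context(cafile=None):
    """Client context that refuses peers whose certificate does not verify.
    cafile=None means the system trust store; a path pins a private CA."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Already the defaults; stated explicitly so a later edit cannot
    # silently turn validation off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def bind_tls(sock, hostname, ctx, handshake=True):
    """Attach TLS to an already-connected socket, reusing its descriptor."""
    return ctx.wrap_socket(sock, server_hostname=hostname,
                           do_handshake_on_connect=handshake)


def fetch_head(host, path="/", port=443, cafile=None):
    """Return the HTTP status line, or raise if the certificate is invalid."""
    sock = plain_connect(host, port)
    try:
        # Raises ssl.SSLCertVerificationError on an untrusted chain or a
        # hostname mismatch, before any request bytes are sent.
        tls = bind_tls(sock, host, verifying_context(cafile))
    except Exception:
        sock.close()
        raise
    with tls:
        request = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        tls.sendall(request.encode("ascii"))
        return tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
```
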


