On Fri, Feb 26, 2010 at 12:55:38PM -0500, Jeff Trawick wrote: > On Tue, Feb 9, 2010 at 7:46 AM, <jor...@apache.org> wrote: > > --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) > > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Feb 9 12:46:17 > > 2010 > > @@ -637,7 +637,8 @@ > > sc->insecure_reneg = flag?TRUE:FALSE; > > return NULL; > > #else > > - return "SSLInsecureRenegotiation is not supported by the SSL library"; > > + return "Secure renegotation is not supported by the SSL library; " > > + "the SSLInsecureRenegotiation directive is not available"; > > #endif > > } > > Besides losing 5 points for spelling,
doh, thanks > is it worth punting as much as possible to the docs? Yes :) I "improved" the wording here since it was pointed out to me off-list that the original read as "insecure reneg not supported" which comes across as both confusing and inaccurate. I'd like to have a FAQ entry about this, certainly, covering the behaviour with different versions of OpenSSL as you mention. I'm not sure how to further "improve" the error string here though, it seemed a bit awkward to start putting docs URLs in or anything. Any suggestions? Regards, Joe
