On Fri, Feb 26, 2010 at 3:38 PM, Joe Orton <jor...@redhat.com> wrote: > On Fri, Feb 26, 2010 at 12:55:38PM -0500, Jeff Trawick wrote: >> On Tue, Feb 9, 2010 at 7:46 AM, <jor...@apache.org> wrote: >> > --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) >> > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Feb 9 12:46:17 >> > 2010 >> > @@ -637,7 +637,8 @@ >> > sc->insecure_reneg = flag?TRUE:FALSE; >> > return NULL; >> > #else >> > - return "SSLInsecureRenegotiation is not supported by the SSL library"; >> > + return "Secure renegotation is not supported by the SSL library; " >> > + "the SSLInsecureRenegotiation directive is not available"; >> > #endif >> > } >> >> Besides losing 5 points for spelling, > > doh, thanks > >> is it worth punting as much as possible to the docs? > > Yes :) > > I "improved" the wording here since it was pointed out to me off-list > that the original read as "insecure reneg not supported" which comes > across as both confusing and inaccurate. > > I'd like to have a FAQ entry about this, certainly, covering the > behaviour with different versions of OpenSSL as you mention. > > I'm not sure how to further "improve" the error string here though, it > seemed a bit awkward to start putting docs URLs in or anything. Any > suggestions?
simply "The SSLInsecureRenegotiation directive is not available with this SSL library" or similar, with all the other information either in the SSLInsecureRenegotiation doc or linked from it