2011/1/10 Arjen de Korte <nut+de...@de-korte.org <mailto:nut%2bde...@de-korte.org> >
Citeren emilien...@eaton.com: The main reason is to homogenize directive names between apps (mainly upsmon which uses CERTPATH and upsd which uses CERTNAME) to set the same property. Why? The use of CERTFILE (OpenSSL only) and CERTPATH/CERTIDENT/CERTREQUEST (NSS only) is completely different. We have nothing to gain by reducing the number of directives here, since we will need different instructions on how to fill them anyway. Using different names will help us help people much more easily, since the directives they see in upsd.conf will already tell us if NUT was build to use the OpenSSL or NSS libraries. These should be surrounded by #ifdef/#endif directives and make upsd complain loudly about directives it doesn't understand. So if someone is accidentally using CERTFILE if NUT was build with NSS, it should inform them right away (not when the certificate store is being accessed). Similar the other way around. About configuration directive, only CERTFILE/CERTPATH change of content (a directory instead of a file) but the semantic is kept unchanged. All other SSL related directives are just for NSS mode. So generate different .conf.sample files is IMHO disproportionate related to the too few alterations. Perhaps add few lines of comment in these .conf.sample files? You forget about the amount of problems we will see when people start switching over from OpenSSL to NSS. There is pretty much nothing to gain by consolidating these directives into one. What's wrong with # CERTFILE <certificate file> (OpenSSL only) # CERTFILE /usr/local/ups/etc/upsd.pem # CERTPATH <certificate directory> (NSS only) # CERTPATH /usr/local/ups/etc/cert/upsd # CERTIDENT <certificate name> <database password> (NSS only) # CERTIDENT "my nut server" "MyPasSw0rD" # CERTREQUEST <certificate request level> (NSS only) # CERTREQUEST [0|1|2] # - 0 to not request to clients to provide any certificate # - 1 to require to all clients a certificate # - 2 to require to all clients a valid certificate valid points! Emilien, can you please adapt the code as per the above. I'll check how we can condition the conf sample and highlight the SSL support type in the doc. --------------------------------------------------------------------------
_______________________________________________ Nut-upsdev mailing list Nut-upsdev@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev