[EMAIL PROTECTED] wrote:
>>> Webrev lives here:
>>>
>>> http://cr.opensolaris.org/~johansen/webrev-2951/
>> The only comment I have is that I'm surprised at the number of places
>> you have to add the 'if not check_cert_validity(img):' it might be
>> better to put these checks closer to the SSL transport connection code,
>> say in 'get_ssl_credentials()'. The reason being that in the future
>> there could be other remote transports that don't use certificates or
>> don't use them in the same way.
>
> To be clear, this is really a warning mechanism for customers who have
> installed an SSL certificate so that they can get access to specific Sun
> repositories. It's part of allowing us to sell support.
>
> Long term, I agree that we'll want to do the validation in or near the
> SSL transport. One of the many problems with urllib2/httplib in Python
> is that they don't have any support for verifying the certificates of
> either the client or the server. Once we can get pyCurl (Python
> interface to libcurl) integrated, we should be able to do a lot of this
> in the transport check, and simply switch to emitting a warning if a
> client certificate is close to expiration.

Okay, then I'm happy for the code to go in as is.

-- 
Darren J Moffat
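The check discussed in this thread, sketched as an added example (not code from the webrev or from pkg): one function near the transport classifies the client certificate's validity window, so near-expiry becomes a warning and callers do not each repeat the test. The names `cert_validity` and `credentials_for_transport`, the 30-day threshold, the choice to raise on an unusable certificate, and the sample dates are all assumptions.

```python
import ssl
from datetime import datetime, timezone

DAY = 86400
WARN_DAYS = 30  # assumed threshold; the thread does not give one


def cert_validity(cert, now, warn_days=WARN_DAYS):
    """Classify a certificate's validity window at `now` (an aware datetime).
    `cert` holds 'notBefore'/'notAfter' strings in the format Python's ssl
    module reports, e.g. 'Jan  5 09:34:43 2018 GMT'.
    Returns (status, whole_days_left)."""
    now_s = now.timestamp()
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((end - now_s) // DAY)
    if now_s < start:
        return "not_yet_valid", days_left
    if now_s >= end:
        return "expired", days_left
    if end - now_s <= warn_days * DAY:
        return "expiring_soon", days_left
    return "ok", days_left


def credentials_for_transport(cert, notices, now):
    """Hypothetical single choke point for callers needing the client cert.
    An unusable certificate raises; one close to expiration only queues a
    notice for the user and is still returned."""
    status, days = cert_validity(cert, now)
    if status in ("not_yet_valid", "expired"):
        raise ValueError("client certificate is " + status.replace("_", " "))
    if status == "expiring_soon":
        notices.append("client certificate expires in %d days" % days)
    return cert


# Constructed sample data: validity fields only, dates chosen for the example.
NOW = datetime(2008, 9, 1, tzinfo=timezone.utc)
OK = {"notBefore": "Jan  1 00:00:00 2008 GMT", "notAfter": "Jan  1 00:00:00 2009 GMT"}
SOON = {"notBefore": "Jan  1 00:00:00 2008 GMT", "notAfter": "Sep 15 12:00:00 2008 GMT"}
EXPIRED = {"notBefore": "Jan  1 00:00:00 2007 GMT", "notAfter": "Aug  1 00:00:00 2008 GMT"}
FUTURE = {"notBefore": "Oct  1 00:00:00 2008 GMT", "notAfter": "Oct  1 00:00:00 2009 GMT"}

if __name__ == "__main__":
    for name, cert in (("ok", OK), ("soon", SOON), ("expired", EXPIRED), ("future", FUTURE)):
        print(name, cert_validity(cert, NOW))
```
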
