Arjen de Korte
2011-Jan-07 19:58 UTC
[Nut-upsdev] [nut-commits] svn commit r2809 - branches/ssl-nss-port/server
Citeren Emilien Kia <emilienkia-guest op alioth.debian.org>:> Author: emilienkia-guest > Date: Fri Jan 7 14:44:25 2011 > New Revision: 2809 > URL: http://trac.networkupstools.org/projects/nut/changeset/2809 > > Log: > Deprecate CERTFILE conf var to the benefit of CERTPATH : homogenize > conf directive names. > > Modified: > branches/ssl-nss-port/server/conf.cThis patch breaks existing OpenSSL installations without valid reason, so I don't think this is a good idea. It would be better to use CERTFILE if OpenSSL is used and CERTPATH (and friends) if NSS is used. By doing so, it would be immediately clear if a user is using OpenSSL or NSS. This would probably be beneficial in case people ask how to set this up. In order for this to work, we should generate different 'upsd.conf.sample' files depending on the SSL library used. This would be worthwhile anyway, for versions compiled with OpenSSL and where some of these keywords are not used at all (and would only confuse people setting this up). Best regards, Arjen -- Please keep list traffic on the list (off-list replies will be rejected)
EmilienKia at Eaton.com
2011-Jan-10 09:13 UTC
[Nut-upsdev] [nut-commits] svn commit r2809 -branches/ssl-nss-port/server
Hi Arjen, Hi all, The main reason is to homogenize directive names between apps (mainly upsmon which uses CERTPATH and upsd which uses CERTNAME) to set the same property. Note that the CERTFILE directive is working but is just flagged as deprecated. As ssl support compilation is exclusive (only openssl or nss at the same time), I do not see any reason to keep two directives in parallel (one per compile profile) doing the same thing (pointing to the certificate database, in the form of a single file or a directory). About configuration directive, only CERTFILE/CERTPATH change of content (a directory instead of a file) but the semantic is kept unchanged. All other SSL related directives are just for NSS mode. So generate different .conf.sample files is IMHO disproportionate related to the too few alterations. Perhaps add few lines of comment in these .conf.sample files? Any other comment or point of view? BR, Emilien -----Message d'origine----- De : nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.debian.org [mailto:nut-upsdev-bounces+emilienkia=eaton.com at lists.alioth.debian.org] De la part de Arjen de Korte Envoy? : vendredi 7 janvier 2011 20:59 ? : nut-upsdev Objet : Re: [Nut-upsdev] [nut-commits] svn commit r2809 -branches/ssl-nss-port/server Citeren Emilien Kia <emilienkia-guest at alioth.debian.org>:> Author: emilienkia-guest > Date: Fri Jan 7 14:44:25 2011 > New Revision: 2809 > URL: http://trac.networkupstools.org/projects/nut/changeset/2809 > > Log: > Deprecate CERTFILE conf var to the benefit of CERTPATH : homogenize > conf directive names. > > Modified: > branches/ssl-nss-port/server/conf.cThis patch breaks existing OpenSSL installations without valid reason, so I don't think this is a good idea. It would be better to use CERTFILE if OpenSSL is used and CERTPATH (and friends) if NSS is used. By doing so, it would be immediately clear if a user is using OpenSSL or NSS. This would probably be beneficial in case people ask how to set this up. In order for this to work, we should generate different 'upsd.conf.sample' files depending on the SSL library used. This would be worthwhile anyway, for versions compiled with OpenSSL and where some of these keywords are not used at all (and would only confuse people setting this up). Best regards, Arjen -- Please keep list traffic on the list (off-list replies will be rejected) _______________________________________________ Nut-upsdev mailing list Nut-upsdev at lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/nut-upsdev --------------------------------------------------------------------------