On Thu, Mar 11, 2021 at 08:01:53PM -0500, John Szakmeister wrote:

> > - I think proxy_cert_auth would probably want the same treatment.
>
> Oh, I think I misread this before making my fixes. I think what you're
> saying here is that proxy_cert_auth should be approved and rejected
> in the same spots as the client cert auth? I missed that but am happy
> to add it, if that's what you meant. The only trouble is that I don't have
> a great way of checking that particular feature.

Yep, that's what I meant. Looking at CURLE_SSL_* in curl.h, it looks
like there's no way to distinguish a proxy cert problem from a regular
cert problem. So probably we'd need to reject both when we see
CURLE_SSL_CERTPROBLEM. As long as somebody is not using both at once, it
would not matter at all. And even if they are, the worst case is having
to put in their password again.

That said, given that nobody has asked for it and you have no easy way
of testing it, I'm content to leave it be for now. Your patches
shouldn't make anything worse there, and it shouldn't be too hard to
find this discussion in the list archive later.

-Peff