On Fri, Mar 12, 2021 at 01:41:30AM +0000, brian m. carlson wrote:
> > diff --git a/http.c b/http.c
> > index f8ea28bb2e..12a8aaba48 100644
> > --- a/http.c
> > +++ b/http.c
> > @@ -1637,7 +1637,17 @@ static int handle_curl_result(struct slot_results *results)
> > credential_approve(&http_auth);
> > if (proxy_auth.password)
> > credential_approve(&proxy_auth);
> > + credential_approve(&cert_auth);
> > return HTTP_OK;
> > + } else if (results->curl_result == CURLE_SSL_CERTPROBLEM) {
> > + /*
> > + * We can't tell from here whether it's a bad path, bad
> > + * certificate, bad password, or something else wrong
> > + * with the certificate. So we reject the credential to
> > + * avoid caching or saving a bad password.
> > + */
> > + credential_reject(&http_auth);
>
> Is this supposed to be &cert_auth here? I'm not sure how a bad HTTP
> password would even have been tested in this case.
Good catch! When reviewing, I was so busy thinking about _where_ this
line should go that I didn't even notice what it said. :)
-Peff
