On Thu, Mar 11, 2021 at 8:31 PM Jeff King <peff@xxxxxxxx> wrote: [snip] > Thanks. Both patches look good to me. I wondered briefly if we needed to > worry about old versions of curl missing CURLE_SSL_CERTPROBLEM. But it > seems to have shown up in ~2002, so I think we are fine to assume it's > there. > > It would be nice if we had some tests here, but we currently do not > cover any of the ssl-cert stuff in the test suite. I suspect adding them > would be a big pain to configure and maintain, so I'm OK to leave it off > for now. Hopefully you gave it some basic manual testing with your > working setup (good password is stored, bad password is rejected). I did do some manual testing in an environment at work where they have this set up. Unfortunately, the way I went about this was not optimal. I'll work the issue differently in the future, so I don't have that kind of translation issue again. > Looking at how we generate the server-side cert for our http tests, we > could _probably_ do something similar for a client-side cert, and just > configure the server to accept a self-signed certificate. But like I > said, I'm OK to leave that for another series (though of course if you > want to work on it, that would be very much appreciated). I looked at things a little bit, but it was too much to take on right now. I could probably get something together to help make it happen. I've been down that road before, so I know it can be involved, but it would be nice to have tests. I'm not signing up just yet for that, but when a rainy weekend hits, I'll see about taking a stab at it. -John
