On Mon, 2011-09-19 at 09:45 +0300, Jussi Kukkonen wrote: > Ah, I see. That explains why it was seemingly so complex... Yeah. OpenSSL makes me sad sometimes... http://www.advogato.org/person/dwmw2/diary/205.html > I don't want to change the user interaction here -- it seems quite > standard and logical -- so either we just live with the expiry warning > appearing at only connection time or provide early warnings only when it > happens to be easy. > > I still think it would make sense to make the certificate expiry date > available to the application if possible (I suggested _get_client_cert() > because I imagined other details in the cert could be useful as well). > Creating user messages without the date is doable but not really optimal. Yeah, I'm more than happy adding _get_client_cert(), which could even call load_certificate() if the cert hasn't already been loaded. So you *could* call it before connection if you really wanted to, or you can call it when you receive a certificate warning message. Want to let me have an updated patch for that, and then we can look at the ->progress() status code and translations next? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5818 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20110919/624769f1/attachment.bin>
