On 01/12/2018 21:53, Viktor Dukhovni wrote:
On Sat, Dec 01, 2018 at 07:12:24PM +0000, Michael Wojcik wrote:
Are there compatibility concerns around changing error message
text for which users may have created regex patterns in scripts?
I agree the text could be better, but not sure in what releases
if any to change the text, since the change may cause issues
for some users.
Sure, this is always a concern. Maybe the change could be considered for OpenSSL 3.0, since that's a major release.
Care to create a PR against the "master" branch? Something
along the lines of:
"Provided chain ends with untrusted self-signed certificate"
or better. Here "untrusted" might mean not trusted for the requested
purpose, but more precise is not always more clear.
Perhaps s/untrusted/unknown/ as in
"Provided chain ends with unknown self-signed certificate".
Or even better, two different error codes:
- "Only self-signed end certificate provided"
- "Provided chain ends with unknown root certificate"
(Deciding which one keeps the old error code is left as
an exercise).
(Distinguishing a self-siged end cert from a self-signed
root when no other certificate is provided is also left
as an exercise).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
