New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openssl-s_client.pod.in: Fix grammar in NOTES section. #9421
openssl-s_client.pod.in: Fix grammar in NOTES section. #9421
Conversation
This pr is ready for merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved for 1.1.1 as well, if applicable.
@aborkowski it looks like you just added a merge commit, which is not the preferred workflow. |
CLA: trivial
1cb89d8
to
9d24f34
Compare
@kaduk Thank you for the hint, my branch is now rebased onto current master. |
@@ -781,7 +781,7 @@ server. | |||
|
|||
This command is a test tool and is designed to continue the | |||
handshake after any certificate verification errors. As a result it will | |||
accept any certificate chain (trusted or not) sent by the peer. None test | |||
accept any certificate chain (trusted or not) sent by the peer. Non-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rereading the sentence I get the impression that this little change does not really improve it. How about reformulating the sentence, for example as follows:
Applications should B<not> do this in productive use as it makes them vulnerable...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or perhaps
This is only appropriate in a testing tool; other applications need to perform certificate validation and engage error handling on validation failure. Failure to perform proper validation leaves the application vulnerable to a MITM attack.
Though I'm willing to accept the current version of this patch as a clear improvement over the existing buggy state.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latter was my intention, but I'm also happy to close this pull request if someone else comes up with a more substantial improvement.
@@ -781,7 +781,7 @@ server. | |||
|
|||
This command is a test tool and is designed to continue the | |||
handshake after any certificate verification errors. As a result it will | |||
accept any certificate chain (trusted or not) sent by the peer. None test | |||
accept any certificate chain (trusted or not) sent by the peer. Non-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or perhaps
This is only appropriate in a testing tool; other applications need to perform certificate validation and engage error handling on validation failure. Failure to perform proper validation leaves the application vulnerable to a MITM attack.
Though I'm willing to accept the current version of this patch as a clear improvement over the existing buggy state.
Well, it's better than it was before, so I won't object to it being merged.
This pull request is ready to merge |
CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from #9421)
Thanks for your contribution.. The rewind on this took a while :). Merged to master.. |
Closing this now that PR #12907 has been added for the 1_1_1 branch. |
This is just a small fix to the wording, which was ungrammatical.
Checklist