Resign based on verification (RFE #SF2964383)

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Fri, 23 Apr 2010 22:49:08 -0700 (PDT)

I just made a comment in the RFE about resigning only if the incoming
signature verified. It looks like I actually already did this in a
previous version of the filter, so it's not really an RFE for 2.1.0.

The question instead is: Should this capability be built into the library
rather than letting the application (opendkim, in this case) try to figure
it out? Right now, if you open a resigning handle, it will still complete
signature generation in dkim_eom() even if the verifying handle tied to it
fails. Should there be a flag you can set on the resigning handle so that
it will also fail in dkim_eom() if the verifying handle fails?

I'm slightly in favour of saying "Yes, this should exist" but I'd like to
hear what others with API design advice might think.

-MSK
Received on Sat Apr 24 2010 - 05:49:25 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:32:52 PST