Using bidirectional authentication in pkgng

Michael Gmelin freebsd at
Thu Jan 24 11:19:44 UTC 2013

On Thu, 24 Jan 2013 10:50:11 +0100
Dag-Erling Smørgrav <des at> wrote:

> Baptiste Daroussin <bapt at> writes:
> > Michael Gmelin  <freebsd at> writes:
> > > I implemented the necessary bits over the weekend and filed a PR
> > > containing the patch (SSL peer verification, hostname checking,
> > > client certificates etc.).
> > > 
> > >
> > > 
> > > Assuming the code quality is sufficient, it would be great if it
> > > made it to base (not sure if des at is still taking care
> > > of libfetch). 
> > Yes he is, that is why I have CCed him
> Thank you.
> The patch looks interesting, modulo a metric buttload of style
> issues :)

Would be great if you could point out the exact issues, so I could avoid
them next time (I spent literally hours trying to clean up the code so
it complies to style(9), even though it doesn't seem like fetch really
follows it either). Other people's coding standards are always arbitrary
and, um, wrong anyway, you know ;)

> I'll take a closer look in a few days, feel free to remind
> me.

Will do.

> > > That said, if there's interest I could volunteer to implement DANE
> > > later this year - assuming there is someone who can audit the
> > > results.
> If you're interested in working on fetch, I'm looking for someone
> who's willing to help reimplement it from scratch.

I can only work on open source projects in my spare time - this was
slightly different since we might profit from being able to use pkg in a
compliant way. A complete re-implementation sounds more like a summer of
code project to me. Assuming I'm able to get DANE in there, maybe
somebody else could pick up all the bits and pieces and repackage them.
Well, let's see, never say never :)



Michael Gmelin

More information about the freebsd-ports mailing list