Improve documentation of behaviour of DEFAULT in the cipherstring.#5421
Improve documentation of behaviour of DEFAULT in the cipherstring.#5421t8m wants to merge 1 commit intoopenssl:masterfrom
Conversation
|
Sorry, but "does not need to be separated from rest of the cipherstring" does not make so much sense given that the subject is a cipherstring (notice difference between cipherlist and cipherstring in man page).
|
|
IOW, the behavior (as I observed it--the actual processing in the code might be superset of that) seems to me as completely different syntax of cipherlist. |
vdukhovni
left a comment
There was a problem hiding this comment.
I don't think this misbehaviour should be documented as an interface contract. Mentioning it in the "BUGS" section would be OK.
|
In addition to opposing the documentation change (to freeze-in a bug), the real documentation lapse with "DEFAULT" is that unlike various more "primitive" cipherlist elements, it does not support additional boolean combinations, e.g. "DEFAULT+kECDHE" or similar. It is a special "macro" that can only occur at the start of the list, and is logically replaced with its definition, and then anything else that follows after the next ":". We can document that limitation as a non-bug, is that is less likely to change, is a good part of the reason why "DEFAULT" is first. This PR is not progress as it stands IMHO. |
|
Victor, would you be able to propose a different PR with your suggestions? |
Fixes #5420
Checklist