From 6d93e45f525f4e7670a0146df1a2bc27d61cb955 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 31 Mar 2008 20:48:55 +0000
Subject: Note location for client trust anchor hook.

svn path=/rpkid/rpki/https.py; revision=1570
---
 rpkid/rpki/https.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'rpkid')

diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index fe36cfc9..f84d6598 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -134,10 +134,15 @@ class httpServer(tlslite.api.TLSSocketServerMixIn, BaseHTTPServer.HTTPServer):
       return False
 
 class Checker(tlslite.api.Checker):
-  """Derived class to add a logging wrapper."""
+  """Derived class to handle X.509 client certificate checking."""
 
   def __call__(self, tlsConnection):
-    """Wrap some logging code around standard tlslite checker."""
+    """Wrap some logging code around standard tlslite.Checker class.
+
+    This is probably also the place where we need to figure out which
+    trust anchor to use, since this is the first point at which we
+    have access to the certificate chain provided by the client.
+    """
 
     for i in range(tlsConnection.session.clientCertChain.getNumCerts()):
       rpki.log.debug("Received client cert[%d] %s" % (i, tlsConnection.session.clientCertChain.x509List[i].getCommonName()))
-- 
cgit v1.2.3