Polishing fixes from squid-dev review

[thirdparty/squid.git] / src / ssl / PeerConnector.cc

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index bc2d87ffe34963563cbabc403e385887532243d0..bc19bee365a88c46874a9e01fb9dc8ac3c3237d3 100644 (file)
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -555,6 +555,12 @@ Ssl::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatus)
     Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(b->ptr);
 
     // Parse Certificate. Assume that it is in DER format.
+    // According to RFC 4325:
+    //  The server must provide a DER encoded certificate or a collection
+    // collection of certificates in a "certs-only" CMS message.
+    //  The applications MUST accept DER encoded certificates and SHOULD
+    // be able to accept collection of certificates.
+    // TODO: support collection of certificates
     const unsigned char *raw = (const unsigned char*)obj.rawContent();
     if (X509 *cert = d2i_X509(NULL, &raw, obj.length())) {
         char buffer[1024];