[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Add some basic sanity checking of certificates before use



On 07/15/2011 06:15 AM, Jiri Denemark wrote:
> On Fri, Jul 15, 2011 at 11:40:01 +0100, Daniel P. Berrange wrote:
>> If the libvirt daemon or libvirt client is configured with bogus
>> certificates, it is very unhelpful to only find out about this
>> when a TLS connection is actually attempted. Not least because
>> the error messages you get back for failures are incredibly
>> obscure.

>> +    if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) {
>> +        virNetError(VIR_ERR_SYSTEM_ERROR,
>> +                    _("Unable to import %s certificate %s"),
>> +                    isServer ? "server" : "client", certFile);
> 
> Shouldn't this and several other instances below rather be something like
> 
>         isServer ? _("Unable to import server certificate %s")
>                  : _("Unable to import client certificate %s")

Yes, the translators _do_ prefer complete sentences.  Not to mention
that the patch as written doesn't translate "server" or "client", so it
would look weird having an English word injected into an otherwise
translated sentence.

>> +            virNetError(VIR_ERR_SYSTEM_ERROR,
>> +                        _("Unable to verify %s certificate against CA certificate"),
>> +                        isServer ? "server": "client");

Another instance of translation issues.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]