> It's the VMOD author you should ask to have an option to ignore public
> key errors.

Well, I'm usually of the mindset that if a problem can be handled in a generic 
way by the language/platform/framework, then one should avoid requiring each 
and every custom vmod/plugin/library to handle it individually. And I'm also of 
the mindset that pretty much any non-trivial code can fail, and the calling 
code should be able to catch that if needed. :)

> This is a constructor, and even if we had a try-catch kind of
> construct in the language, I don't think we would make this one
> recoverable.

In my mind, with a try-catch I could handle it like this:

try {
  new cryptoVerifier = crypto.verifier(sha256, std.fileread("/path/to/public.key"));
} catch (error) {
  // log error...
  // then try with a hard coded known safe key, but that will fail when
  // checking the signature
  new cryptoVerifier = crypto.verifier(sha256, {"
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
"});
}

With this approach, Varnish will start like normal. And the only requests 
failing will be the ones using the cryptoVerifier.
_______________________________________________
varnish-misc mailing list
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
