Skip to content

Ensure SSL_CERT_DIR messages are always shown and check for existing value#3

Open
tomerqodo wants to merge 6 commits into
codex_full_base_ensure_ssl_cert_dir_messages_are_always_shown_and_check_for_existing_value_pr3from
codex_full_head_ensure_ssl_cert_dir_messages_are_always_shown_and_check_for_existing_value_pr3
Open

Ensure SSL_CERT_DIR messages are always shown and check for existing value#3
tomerqodo wants to merge 6 commits into
codex_full_base_ensure_ssl_cert_dir_messages_are_always_shown_and_check_for_existing_value_pr3from
codex_full_head_ensure_ssl_cert_dir_messages_are_always_shown_and_check_for_existing_value_pr3

Conversation

@tomerqodo

Copy link
Copy Markdown

Benchmark PR from agentic-review-benchmarks#3

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 07d6e09522

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines 406 to 409
}

sawTrustFailure = !hasValidSslCertDir;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve prior trust failures when SSL_CERT_DIR is valid

This assignment resets sawTrustFailure based solely on hasValidSslCertDir. If NSS trust failed earlier (e.g., TryAddCertificateToNssDb failed), sawTrustFailure was already true; when SSL_CERT_DIR already includes the cert directory, this line flips it back to false and the method returns TrustLevel.Full. That misreports trust as full even though a client trust path failed. Consider preserving earlier failures (e.g., sawTrustFailure |= !hasValidSslCertDir) so prior failures aren’t cleared.

Useful? React with 👍 / 👎.

Comment on lines 355 to +366
? Path.Combine("$HOME", certDir[homeDirectoryWithSlash.Length..])
: certDir;

if (TryGetOpenSslDirectory(out var openSslDir))
var hasValidSslCertDir = false;

// Check if SSL_CERT_DIR is already set and if certDir is already included
var existingSslCertDir = Environment.GetEnvironmentVariable(OpenSslCertificateDirectoryVariableName);
if (!string.IsNullOrEmpty(existingSslCertDir))
{
var existingDirs = existingSslCertDir.Split(Path.PathSeparator);
var certDirFullPath = Path.GetFullPath(prettyCertDir);
var isCertDirIncluded = existingDirs.Any(dir =>

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Compare SSL_CERT_DIR against real cert path, not $HOME alias

Here the comparison uses prettyCertDir, which substitutes $HOME for display. Path.GetFullPath("$HOME/...") resolves relative to the current working directory, so it won’t match an SSL_CERT_DIR entry like /home/user/... even when the directory is already configured. That leads to false “append” guidance and (via sawTrustFailure = !hasValidSslCertDir) can mark trust as partial even when SSL_CERT_DIR already includes the actual cert directory. Use certDir or expand $HOME before computing the full path.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants