return -2;
}
- /* Check that the proxy certificate file exists and is readable for this
- * domain. This ensures we send an "invalid" certificate even if the proxy
- * certificate doesn't exist. */
+ /* Check that the proxy certificate file for this domain exists and is
+ * readable. This ensures we send an "invalid" certificate if the proxy
+ * certificate doesn't exist.
+ *
+ * If the file gets removed or becomes unreadable after the check we won't
+ * be able to establish a connection to the real server so this
+ * race-condition has no security issues and is only a convenience for the
+ * user. */
if (proxy_certificate_path(hostname, path, sizeof(path)) != 0) {
return -1;
}