[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Fri Apr 26 13:45:56 UTC 2019 

New commits:
commit 088827714460c7cf8b54bfc55915434cb1c9d25d
Merge: 9f0cedb bad44de
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri Apr 26 09:43:43 2019 -0400

    certs/connections: if there's something wrong with a cert, don't add the connection
    
    Also fixes bug 339.
    
    Merge commit 'bad44de78ef0d2dd55a753082de52c3c6b99ab17'

commit bad44de78ef0d2dd55a753082de52c3c6b99ab17
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Apr 17 12:44:42 2019 -0400

    connections: merge secret and cert code so things get done less often
    
    As part of trying to pre-load a connection's private key (aka secret),
    the code was searching for and then loading the certificate only to
    then throw it all away.
    
    This patch merges that code with the connection's end code which also
    searches for and then loads the certificate.
    
    The change also:
    
    - remembers to free the cert when fips rejects it
    
    - rejects the connection when a cert's low-level details can't be
      extracted

commit 126de7ce17601a12fb3b369174a1e16591d9f231
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 16 15:54:42 2019 -0400

    nss: mitigate core dump when cert is yanked from under pluto
    
    If the cert's low-level details (pubkey) can't be extracted, log the
    problem and return a failure.
    
    However, because of the way the calling code works, the error appears
    twice and then the connection still gets loaded.
    
    - Very early on the connection code tries to pre-load the private key
      that matches the certificate.  Since not having a private key isn't
      a failure the code continues.  However, since this involves
      extracting the certificate's public key, it can still trigger the
      error (the code also throws away the result since there's no where
      to store it)
    
    - Later, as part of constructing the connection's end, the cert is
      extracted and saved.  Any errors while doing this are discarded
      (cert not found) or ignored (pubkey unavailable).
    
    See bug 339.

commit 2f3d15bbcb3d84ccbd05f76c59e8b5347cd78b1c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 23 16:54:07 2019 -0400

    connection: reject connections with an invalid end certificate
    
    Better than accepting authby=rsasig,null when rsasig isn't valid.
    (note inner code still ignores some failures)

More information about the Swan-commit mailing list