[Swan-commit] Changes to ref refs/heads/master
D. Hugh Redelmeier
hugh at vault.libreswan.fi
Sun Feb 24 21:06:05 UTC 2019
New commits:
commit 1c5ad72ce4f8f86e4954384a6bd4d8a8cb5c4a70
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Sun Feb 24 16:02:06 2019 -0500
pluto: nss_cert_verify.c: rework log_bad_cert and verify_end_cert
Lack of NSS documentation made this hard.
log_bad_cert:
- Report each error in list, not just first (suppressing contiguous duplicates).
Funny thing: it may be that all entries in list are the same!
- add the profile (IPSec / TLS Client / TLS Server) used to the log message
verify_end_cert:
- make the control and data flows clearer (not clear).
- loop over each profile to use (don't try IPSec profile separately)
- add lots of passerts and pexpects and warning comments
- avoid leaks present in old code
More information about the Swan-commit
mailing list