[Swan-commit] Changes to ref refs/heads/master

D. Hugh Redelmeier hugh at vault.libreswan.fi
Sun Feb 24 21:06:05 UTC 2019


New commits:
commit 1c5ad72ce4f8f86e4954384a6bd4d8a8cb5c4a70
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Sun Feb 24 16:02:06 2019 -0500

    pluto: nss_cert_verify.c: rework log_bad_cert and verify_end_cert
    
    Lack of NSS documentation made this hard.
    
    log_bad_cert:
    
    - Report each error in list, not just first (suppressing contiguous duplicates).
      Funny thing: it may be that all entries in list are the same!
    
    - add the profile (IPSec / TLS Client / TLS Server) used to the log message
    
    verify_end_cert:
    
    - make the control and data flows clearer (not clear).
    
    - loop over each profile to use (don't try IPSec profile separately)
    
    - add lots of passerts and pexpects and warning comments
    
    - avoid leaks present in old code



More information about the Swan-commit mailing list