[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Tue Sep 22 19:30:58 UTC 2020

New commits:
commit 0d67228837c737012b5bc8f60ffb44d682143908
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Sep 22 12:57:36 2020 -0400

    crypto: log when ever a private key is loaded from NSS
    (to the log file, but not to whack - that messes up tests)
    The load happens too often.
    Because a connection has no counted reference to its private key,
    operations such as <<delete all secrets>> leave connections/states
    dangling.  This is why IKE_AUTH has to try and re-load its private key
    (even when it was pre-loaded by add connection say).
    One working theory is:
    - "add" pre-loads private keys with counted reference
    - orient() checks private keys present (since ends needs known)
    - IKE_AUTH has the key pre-loaded

More information about the Swan-commit mailing list