[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Sep 22 19:30:58 UTC 2020
New commits:
commit 0d67228837c737012b5bc8f60ffb44d682143908
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 22 12:57:36 2020 -0400
crypto: log whenever a private key is loaded from NSS

(to the log file, but not to whack - that messes up tests)

The load happens too often.

Because a connection has no counted reference to its private key,
operations such as <<delete all secrets>> leave connections/states
dangling. This is why IKE_AUTH has to try and re-load its private key
(even when it was pre-loaded by add connection say).

One working theory is:
- "add" pre-loads private keys with counted reference
- orient() checks private keys present (since ends needs known)
- IKE_AUTH has the key pre-loaded