[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Apr 28 12:45:43 UTC 2021
New commits:
commit 9e68c4fe03b4383df1a4ef6a20be16d9c8cd294e
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Apr 27 20:18:40 2021 -0400
x509: sort DNS pubkeys before adding them
Sort using the raw pubkey payload (which is a pretty arbitrary
choice).
This way, the pubkey list is more stable, while still having the
latest additions at the front.
The alternative is to keep the pubkey list sorted (just sorting keys
when they are listed isn't sufficient). It turns out that the list
order leaks into the strangest of places, for instance when logging
the keys when authentication fails.
More information about the Swan-commit
mailing list