[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Wed Apr 28 12:45:43 UTC 2021


New commits:
commit 9e68c4fe03b4383df1a4ef6a20be16d9c8cd294e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Apr 27 20:18:40 2021 -0400

    x509: sort DNS pubkeys before adding them
    
    Sort using the raw pubkey payload (which is a pretty arbitrary
    choice).
    
    This way, the pubkey list is more stable, while still having the
    latest additions at the front.
    
    The alternative is to keep the pubkey list sorted (just sorting keys
    when they are listed isn't sufficient).  It turns out that the list
    order leaks into the strangest of places, for instance when logging
    the keys when authentication fails.



More information about the Swan-commit mailing list