[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Thu Dec 30 06:34:05 EET 2021
New commits:
commit b915246a403ad6988739c3d404f0929d314634a9
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 29 22:26:38 2021 -0500
connections: drop get_id_from_cert (nee fromcert) parameter to refine_host_connection*()

refine_host_connection*() was setting GET_ID_FROM_CERT when, for
ID_DER_ASN1_DN, match_dn_any_order_wild() returned a wildcard match
(called via match_id).

Instead:

- have match_end_cert_id() return the replacement ID when, for
  ID_DER_ASN1_DN, match_dn_any_order_wild() returns a wildcard match
  (in addition to ID_FROMCERT)

  that way callers can update ID when match_end_cert_id() succeeds

- and when match_end_cert_id() fails, but POLICY_ALLOW_NO_SAN (the
  cert chain validated), again update ID

- drop other code paths trying to update the ID