[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Thu Dec 30 06:34:05 EET 2021

New commits:
commit b915246a403ad6988739c3d404f0929d314634a9
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Dec 29 22:26:38 2021 -0500

    connections: drop get_id_from_cert (nee fromcert) parameter to refine_host_connection*()
    refine_host_connection*() was setting GET_ID_FROM_CERT when, for
    ID_DER_ASN1_DN, match_dn_any_order_wild() returned a wildcard match
    (called via match_id).
    - have match_end_cert_id() return the replacement ID when, for
      ID_DER_ASN1_DN, match_dn_any_order_wild() returns a wildcard match
      (in addition to ID_FROMCERT)
      that way callers can update ID when match_end_cert_id() succeeds
    - and when match_end_cert_id() fails, but POLICY_ALLOW_NO_SAN (the
      cert chain validated), again update ID
    - drop other code paths trying to update the ID

More information about the Swan-commit mailing list