[Swan-dev] %fromcert
D. Hugh Redelmeier
hugh at mimosa.com
Thu Feb 7 15:17:04 UTC 2019
I don't deeply understand what %fromcert is supposed to do.
git grep -ni "fromcert" doc
fails to find an explanation. Only examples.
My particular concern is that in our code,
- a %fromcert in a connection will be mutate to a ID_DER_ASN1_DN by
match_certs_id. The .name field will come from the certificate's
derName.
- this is irreversible
- the connection is not required to be an instance.
This seems quite wrong. Surely there should be a way of reversing
this. Surely there should be a way of binding the connection to
different certificates at different times, and hence the ID should
follow. Perhaps even several at one time.
Am I wrong?
Can we have some documentation? Or did I miss some documentation?
That would let me figure out if the surprising behaviour matches some
intention.
More information about the Swan-dev
mailing list