[Swan-dev] %fromcert

D. Hugh Redelmeier hugh at mimosa.com
Thu Feb 7 15:17:04 UTC 2019

I don't deeply understand what %fromcert is supposed to do.

	git grep -ni "fromcert" doc
fails to find an explanation.  Only examples.

My particular concern is that in our code,

- a %fromcert in a connection will be mutate to a ID_DER_ASN1_DN by
  match_certs_id.  The .name field will come from the certificate's

- this is irreversible

- the connection is not required to be an instance.

This seems quite wrong.  Surely there should be a way of reversing
this.  Surely there should be a way of binding the connection to
different certificates at different times, and hence the ID should
follow.  Perhaps even several at one time.

Am I wrong?

Can we have some documentation?  Or did I miss some documentation?
That would let me figure out if the surprising behaviour matches some

More information about the Swan-dev mailing list