paul at nohats.ca
Thu Feb 7 20:22:19 UTC 2019
On Thu, 7 Feb 2019, D. Hugh Redelmeier wrote:
> | > testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/east.pluto.log:1758:"nss-cert-chain"
> | > #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at
> | > x509.c:779)
> | This does indicate that certificate chains are passed to the function.
> | Perhaps we are not guaranteed the order of the chain of certificates,
> | and we still havent figured out which is the EE cert and which is the
> | intermediary root CA ?
> There are 29 instances of this in the test run.
> What should be happening?
What is currently happening?
> This is a matter of design and not conjecture. But the design isn't
> recorded. It needs to be.
We could rename match_certs_id() to matchid_from_certbundle() ?
More information about the Swan-dev