[Swan-dev] commit 9bc2e4e7f61 broke self-signed certs

Paul Wouters paul at nohats.ca
Sat Nov 9 21:42:56 UTC 2019

This commit:

commit 9bc2e4e7f61ec5e4bfd303614974559ce389fbf4
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Jan 13 16:17:09 2019 -0500

     x509: eliminate VERIFY_RET* replacing verify_and_cache_chain() with find_and_verify_certs()

introduced this code:

         if (!pexpect(root_certs != NULL) || CERT_LIST_EMPTY(root_certs)) {
                 libreswan_log("No Certificate Authority in NSS Certificate DB! Certificate payloads discarded.");
                 return NULL;

This broke x509-pluto-05 that uses two selfsigned certs without CA.


More information about the Swan-dev mailing list