[Swan-dev] commit 9bc2e4e7f61 broke self-signed certs
Paul Wouters
paul at nohats.ca
Sat Nov 9 21:42:56 UTC 2019
This commit:
commit 9bc2e4e7f61ec5e4bfd303614974559ce389fbf4
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Jan 13 16:17:09 2019 -0500
x509: eliminate VERIFY_RET* replacing verify_and_cache_chain() with find_and_verify_certs()
introduced this code:
if (!pexpect(root_certs != NULL) || CERT_LIST_EMPTY(root_certs)) {
libreswan_log("No Certificate Authority in NSS Certificate DB! Certificate payloads discarded.");
return NULL;
}
This broke x509-pluto-05 that uses two selfsigned certs without CA.
Paul
More information about the Swan-dev
mailing list