[Swan-dev] commit 9bc2e4e7f61 broke self-signed certs

Andrew Cagney andrew.cagney at gmail.com
Sun Nov 10 15:36:35 UTC 2019


How so?

The test results https://testing.libreswan.org/ from the commit
https://testing.libreswan.org/v3.27-603-g9bc2e4e7f-master/ and test
run https://testing.libreswan.org/v3.27-603-g9bc2e4e7f-master/x509-pluto-05/OUTPUT/
show the test passing.

On Sat, 9 Nov 2019 at 16:43, Paul Wouters <paul at nohats.ca> wrote:
>
>
> This commit:
>
> commit 9bc2e4e7f61ec5e4bfd303614974559ce389fbf4
> Author: Andrew Cagney <cagney at gnu.org>
> Date:   Sun Jan 13 16:17:09 2019 -0500
>
>      x509: eliminate VERIFY_RET* replacing verify_and_cache_chain() with find_and_verify_certs()
>
>
>
> introduced this code:
>
>          if (!pexpect(root_certs != NULL) || CERT_LIST_EMPTY(root_certs)) {
>                  libreswan_log("No Certificate Authority in NSS Certificate DB! Certificate payloads discarded.");
>                  return NULL;
>          }
>
> This broke x509-pluto-05 that uses two self-signed certs without CA.
>
> Paul
