[Swan-dev] ikev2: drop 'certificate verified OK' message
Paul Wouters
paul at nohats.ca
Sun Apr 11 16:41:53 UTC 2021
On Apr 11, 2021, at 10:31, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
>
>
>> No. those three are not same. First one is certificate subject of
>> actual certificate. Second one is ID_DER_ASN1_DN (which you can
>> actually set manually too creating mismatch with certificate) so these
>> two lines are important to print, both.
>>
>> Here was no line to remove or we loose critical information.
>
> There's information scattered across several log lines, when one is sufficient.
The problem is the way the code works and how callers can come from different paths abs how there can be a connection switching event in between.
So I agree with both of you, but the real fix is rewrite how we handle IKE_AUTH entirely.
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20210411/c8116deb/attachment.html>
More information about the Swan-dev
mailing list