On Thu, 7 Feb 2019, D. Hugh Redelmeier wrote:

| - they sometimes call it with a list of more than one cert.
|   (I know this because I planted a pexpect to test for this.)

I put a pexpect in match_certs_id to test for cases where the list had
more than one entry.  Here are all the times it fired during a test
run:

testing/pluto/nss-cert-10-notyetvalid-responder-ikev2/OUTPUT/west.console.diff:14:-003 "nss-cert" #2: 
EXPECTATION FAILED: st != NULL && st->st_event != NULL && st->st_event->ev_type == 
EVENT_RETRANSMIT (in complete_v2_state_transition at /source/programs/pluto/ikev2.c:1827)

different pexpect :)

testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/east.pluto.log:1758:"nss-cert-chain" 
#1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at x509.c:779)

This does indicate that certificate chains are passed to the function.
Perhaps we are not guaranteed the order of the chain of certificates,
and we still haven't figured out which is the EE cert and which is the
intermediary root CA?

Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
