On Thu, 7 Feb 2019, D. Hugh Redelmeier wrote:
| >
testing/pluto/nss-cert-chain-01-ikev2/OUTPUT/east.pluto.log:1758:"nss-cert-chain"
| > #1: EXPECTATION FAILED: cert->next == NULL (in match_certs_id() at
| > x509.c:779)
|
| This does indicate that certificate chains are passed to the function.
| Perhaps we are not guaranteed the order of the chain of certificates,
| and we still havent figured out which is the EE cert and which is the
| intermediary root CA ?
There are 29 instances of this in the test run.
What should be happening?
What is currently happening?
This is a matter of design and not conjecture. But the design isn't
recorded. It needs to be.
We could rename match_certs_id() to matchid_from_certbundle() ?
Paul
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
