On Apr 11, 2021, at 10:31, Andrew Cagney <[email protected]> wrote:
>
>
>
>> No. those three are not same. First one is certificate subject of
>> actual certificate. Second one is ID_DER_ASN1_DN (which you can
>> actually set manually too creating mismatch with certificate) so these
>> two lines are important to print, both.
>>
>> Here was no line to remove or we loose critical information.
>
> There's information scattered across several log lines, when one is
> sufficient.
The problem is the way the code works and how callers can come from different
paths abs how there can be a connection switching event in between.
So I agree with both of you, but the real fix is rewrite how we handle IKE_AUTH
entirely.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
