[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan-commit
Subject: [Swan-commit] Changes to ref refs/heads/master
From: Andrew Cagney <cagney () vault ! libreswan ! fi>
Date: 2019-09-23 11:56:21
Message-ID: 46cN850Z94z7Rs0C () vault ! libreswan ! fi
[Download RAW message or body]
New commits:
commit 53f63d7eb2cf0f64683b0ca7e824afe095d1f15a
Author: Andrew Cagney <cagney@gnu.org>
Date: Mon Sep 16 09:32:30 2019 -0400
x509: cleanup cert_VerifySubjectAltName(), and its use of idtoa()
- replace the id string parameter with the underlying id_t
this way the function, and not the caller, can control how the ID->A
conversion is performed
use jam_raw_bytes() so no sanitization occures and then sanitize the
raw ID when logging
- merge in d8529c6157d0cfe1620e7a7530bac1e5f1a1fb2d's code logging both
the ID's type and text into function
suspect ID_ prefix should be dropped
and drop redundant logging at call site; update tests
- merge in d8529c6157d0cfe1620e7a7530bac1e5f1a1fb2d's
passert(raw_id[0]=='@') but as as a pexpect()
discover bug where one caller is passing in an ASN.1 DN ID with
first character discarded (it isn't '@')
suspect that calling with an ASN.1 DN ID (even after fix) is futile
suspect the code can check the ID's kind and then not bother when it
isn't an IP or DNS
- shuffle function body so that cert's alt name is upacked first
and try to clarify error messages; is there an nss error that can be
appended
_______________________________________________
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic