New commits:
commit ebe1863e0b03c1b7565f33df3ab0017b43693d22
Author: Andrew Cagney <[email protected]>
Date: Fri May 11 16:16:14 2018 -0400
x509: directly import the certificate from the payload
Instead of first building an array of pointers to SECItems pointing at
CERT_DERs, import each certificate directly. This way a CERT_DER in a
PCKS7 payload (a pointer to an internal buffer) doesn't need to be
saved while the rest of the array is being constructed - instead it
can be imported immediately.
Replaces crt_tmp_import() and cert_payloads_to_si_ders() with
import_der_certs() and import_cert_payloads().
Add notes, such as around a FIPS check, pointing to a possibly missing
CERT_DestroyCertificate() call.
Also fix a memory leak where an array (containing cert pointers) was
never returned to NSS.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
