New commits:
commit 41f31b44159fa6619f801cceb7e169208914e0e8
Author: Paul Wouters <[email protected]>
Date: Fri Oct 19 15:15:49 2018 -0400
building: Add NSS_HAS_IPSEC_PROFILE= flag
This flag can be set when NSS supports certificate validation using
the IPsec profile. This disables requires on EKU's. This support
has not yet made it into an NSS release yet, so the option is
disabled by default.
When enabled it no longer uses the "kludge" to validate the cert
as a client after validation as a server fails.
With this option set (and an NSS version with IPsec profile support),
certificates without nsCert= can also be properly validated
See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=1252891
https://bugzilla.redhat.com/show_bug.cgi?id=1639404
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
