Rebased ref, commits from common ancestor:
commit 0ddc02bc39eaa62e632c0bcebc57c2aabc4095da
Author: Kai Engert <[email protected]>
Date: Fri Oct 19 15:15:49 2018 -0400
building: Add NSS_HAS_IPSEC_PROFILE= flag
This flag can be set when NSS supports certificate validation using
the IPsec profile. This disables requires on EKU's. This support
has not yet made it into an NSS release yet, so the option is
disabled by default.
When enabled it no longer uses the "kludge" to validate the cert
as a client after validation as a server fails.
With this option set (and an NSS version with IPsec profile support),
certificates without nsCert= can also be properly validated
See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=1252891
https://bugzilla.redhat.com/show_bug.cgi?id=1639404
Signed-off-by: Paul Wouters <[email protected]>
commit 2b0ba9b9c164fc1693358a3e9d8ddaa247be5baf
Author: Paul Wouters <[email protected]>
Date: Fri Oct 19 16:11:59 2018 -0400
updated changes
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
