On 25 May 2016 at 15:29, Paul Wouters <[email protected]> wrote: > >> I suspect the correct way is to create the certificate at the same >> time as the key-pair (like certutil -S). > > > I was hoping to avoid that, but if that's what is needed we could do > that.
Since we're using NSS we should, perhaps, try to be more NSS like. Otoh, we know how to find the key-pair using the ckaid so it can be done in rsasigkey or showhostkey. (I still can't see the point of certutil -G (other than provide a reference implementation for rsasigkey)). _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
