I don't deeply understand what %fromcert is supposed to do.
git grep -ni "fromcert" doc
fails to find an explanation. Only examples.
My particular concern is that in our code,
- a %fromcert in a connection will be mutated to an ID_DER_ASN1_DN by
match_certs_id. The .name field will come from the certificate's
derName.
- this is irreversible
- the connection is not required to be an instance.
This seems quite wrong. Surely there should be a way of reversing
this. Surely there should be a way of binding the connection to
different certificates at different times, and hence the ID should
follow. Perhaps even several at one time.
Am I wrong?
Can we have some documentation? Or did I miss some documentation?
That would let me figure out if the surprising behaviour matches some
intention.
_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev