On Thu, 7 Feb 2019, D. Hugh Redelmeier wrote:
So: I changed match_certs_id to loop over the whole list. If any cert
matched, a match was declared. But the whole list was processed.
ID_FROMCERT processing wasn't really affected because the first match
would replace it.
So: what would be new? If the match of the first element failed,
perhaps a match against a cert further down the chain would succeed.
Without knowing the structure of the list, it isn't clear.
Here are some results. It sure looks as if the only cert of interest
is the first. So I'll delete the looping code (it was never
committed) and add some comments.
Thanks!
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
