commit 30f132ab693ccc852dc03c24879f1eae07dd1dd1 Author: Paul Wouters <[email protected]> Date: Fri Feb 22 14:30:24 2019 -0500 X509: more clearly log warning/errors based on NSS profile used
I'm working on this code too :-( I sure wish I better understood what it is trying to do. There is evidence that you (Paul) don't understand the code 100% either. - log_bad_cert(cur_log->head); + log_bad_cert(usage == certificateUsageSSLClient ? "Warning" : "ERROR", + cur_log->head); At this point, it is an ERROR. There is no way that a different "usage" will be tried. As the comments above this say, the control flow is tricky. And why have two log messages for the same case? I have rewritten (but not published) the code in a way that is clearer, but still not clear enough. I don't completely understand what "fin" means vs what "*bad" means. And I don't yet trust the original code to have this right. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
