This commit:
commit 9bc2e4e7f61ec5e4bfd303614974559ce389fbf4
Author: Andrew Cagney <[email protected]>
Date: Sun Jan 13 16:17:09 2019 -0500
x509: eliminate VERIFY_RET* replacing verify_and_cache_chain() with
find_and_verify_certs()
introduced this code:
if (!pexpect(root_certs != NULL) || CERT_LIST_EMPTY(root_certs)) {
libreswan_log("No Certificate Authority in NSS Certificate DB!
Certificate payloads discarded.");
return NULL;
}
This broke x509-pluto-05 that uses two selfsigned certs without CA.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
