On Sat, 27 Feb 2021, Andrew Cagney wrote:
I'm getting ready to push a change in how authentication is logged. The long-term objective is to get the authentication down to a single line (perhaps per-auth method allowed?).
Sounds good.
-> I'll probably reword it so that <hash> comes earlier in the possibly very long log line
ok.
-> it should probably include "local" or "remote" to indicate where the cert came from
The term local/remote might not make it clear whether it is identifying the local/remote or whether the cert is configured locally or received from the remote? Maybe use "locally configured certificate" and "received remote certificate"? But that is using a lot of characters. Maybe "received peer certificate".
-> is anything missing?
Nothing comes to mind.
+003 "ikev1-aggr-failtest" #3: RSA signature check for '@east-v1' failed, tried preloaded certs: *000000000(length)
-> I'm not sure if "(length)" is helpful or not, it could be made longer?
I don't think so.
-> I'm going to rename "preloaded" to "local"
Again that might be confusing people to think you tried to verify the peer using a certificate for the local endpoint, versus verifying the peer using a locally stored certificate. Maybe "preconfigured", or "locally stored"?
Paul