git.ipfire.org Git - thirdparty/strongswan.git/commit
credential-manager: Improve selection of local certificate and trust chain
author Tobias Brunner <tobias@strongswan.org>
Fri, 12 May 2023 16:36:30 +0000 (18:36 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 2 Jun 2023 08:04:39 +0000 (10:04 +0200)
commit efdcbd13cb65528a91867118521595ac22623654
tree dd4ad85af1ed404ad849d03c9ddfe639b1098906
parent 0e88b8a8174b9dbc284eb7f6e7168566465239c5

The previous code was problematic if a certificate request for a known
but unrelated CA was received and the local trust chain was incomplete.
Due to the received anchor, the incomplete trust chain was dismissed and
any intermediate CA certificates were, therefore, not sent to the peer.

This new approach doesn't dismiss an incomplete trust chain, but prefers
one that can be resolved to a received anchor.  If no such chain is found,
the first one is used.
src/libstrongswan/credentials/credential_manager.c
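
The selection rule described in the commit message, as an added example that is not strongSwan's code or part of this commit: a simplified C model in which `chain_t`, `select_dismissing` and `select_preferring` are hypothetical names and the certificate subjects are constructed sample data. The dismissing variant models the earlier behaviour only as far as the message describes it.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not strongSwan's data structures: a local end-entity
 * cert plus the CA certs found above it (NULL-terminated, leaf to root). */
typedef struct { const char *subject; const char *cas[4]; } chain_t;
/* Constructed sample data */
static const chain_t chains[] = {
    { "CN=gw-a", { "CN=Intermediate A", NULL } },              /* incomplete */
    { "CN=gw-b", { "CN=Intermediate B", "CN=Root B", NULL } }, /* complete */
};
static const char *unrelated[] = { "CN=Unrelated Root" };
static const char *root_b[]    = { "CN=Root B" };

/* 1 if any CA in the chain matches an anchor from the certificate requests */
static int resolves_to(const chain_t *c, const char **anchors, size_t n)
{
    for (size_t i = 0; c->cas[i]; i++)
        for (size_t j = 0; j < n; j++)
            if (!strcmp(c->cas[i], anchors[j])) return 1;
    return 0;
}

/* Problem case from the message: once anchors were received, a chain that
 * does not reach one is dismissed, so its intermediates are never sent. */
const chain_t *select_dismissing(const chain_t *c, size_t cnt, const char **a, size_t n)
{
    for (size_t i = 0; i < cnt; i++)
        if (n == 0 || resolves_to(&c[i], a, n)) return &c[i];
    return NULL;
}

/* Approach from the message: prefer a chain resolving to a received anchor,
 * otherwise fall back to the first chain instead of dismissing it. */
const chain_t *select_preferring(const chain_t *c, size_t cnt, const char **a, size_t n)
{
    for (size_t i = 0; i < cnt; i++)
        if (resolves_to(&c[i], a, n)) return &c[i];
    return cnt ? &c[0] : NULL;
}

int main(void)
{
    const chain_t *s = select_preferring(chains, 2, root_b, 1);
    const chain_t *f = select_preferring(chains, 1, unrelated, 1);
    printf("anchor match: %s, fallback: %s\n", s->subject, f->subject);
    return 0;
}
```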