On 10/1/19 4:38 PM, James Prestwood wrote:
src/eap-tls-common.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
* Fixed the ca_cert cleanup, l_certchain_free was being used rather
I ended up pushing my own version of this that was extra paranoid. The
issue is that since the certificates are on disk, we can't simply assume
that they will be loaded successfully (as they might have been
inadvertently or maliciously changed between the time check_settings and
tunnel_init are called).
It might actually make sense to load the keys at load_settings time or
(or even earlier) to avoid extra latency during connection setup time.