[Swan-dev] test caes as documentation versus ipsec.conf.common ease of use
Matt Rogers
mrogers at redhat.com
Wed Feb 4 22:10:27 EET 2015
On 02/04, Paul Wouters wrote:
>
> Antony brought up a while ago that due to our use of ipsec.conf.common,
> the test cases do not work very well as documentation. It would be much
> better to write out the full configurations so people can read them and
> understand them better.
>
> I did not like his idea at the time, because it means a lot of copy and
> pasting. And for raw RSA keys it also means a lot of long blobs and
> changing a lot of config files if we ever change RSA keys for hosts.
>
> I'm beginning to lean more and more towards Antony's view. Take the
> pain for the additional free documentation it generates.
>
> What do other people think?
>
I tend to just copy and paste what I need from the common file
connections instead of using the also= stuff
Generally I found that there were some assumptions (ie. leftcert/rightcert)
that don't apply in all cases, and I would also have to always go back
to reference .common and figure out the tests, so I like being able to
see the whole configuration there.
Matt
More information about the Swan-dev
mailing list