[Swan-dev] commit 3c13e367 X509: fixup SAN and ID handling change wanted?

Paul Wouters paul at nohats.ca
Mon Sep 4 18:31:19 UTC 2017

On Mon, 4 Sep 2017, Wolfgang Nothdurft wrote:

> With the following commit the default in pluto_process_certs changed from 
> TRUE to BAD. Now when I try to connect the specified certificate is rejected 
> because there is no trusted ca for this certificate.
> X509: Certificate rejected for this connection
> X509: CERT payload bogus or revoked
> Is this change intended?
> How do connections without CA work now?
> Or am I missing something?

If you have a connection that defines leftcert= and rightcert= then it
should work. If it does not, that's a bug.


More information about the Swan-dev mailing list