[Swan-dev] commit 3c13e367 X509: fixup SAN and ID handling change wanted?
Paul Wouters
paul at nohats.ca
Mon Sep 4 18:31:19 UTC 2017
On Mon, 4 Sep 2017, Wolfgang Nothdurft wrote:
> With the following commit the default in pluto_process_certs changed from
> TRUE to BAD. Now when I try to connect the specified certificate is rejected
> because there is no trusted ca for this certificate.
>
> X509: Certificate rejected for this connection
> X509: CERT payload bogus or revoked
>
> Is this change intended?
> How do connections without CA work now?
> Or am I missing something?
If you have a connection that defines leftcert= and rightcert= then it
should work. If it does not, that's a bug.
Paul
More information about the Swan-dev
mailing list