[Swan-dev] {left,right}rsasigkey2=...

Andrew Cagney andrew.cagney at gmail.com
Tue Sep 22 20:14:34 UTC 2020


Regardless of the end, a line like:
   leftrsasigkey=
   leftrsasigkey2=...
will always add public keys like:
   (generated?) leftid / leftrsasigkey
   (generated?) leftid / leftrsasigkey2
to the list of raw public keys.  Left will then try all raw public keys
matching <id>.

The problem is that the above aren't tied to "left".  Any connection,
provided the id matches, will use the raw public key; and sometimes use the
wrong one.

Are there any ideas on how to extract us from this quirky mis-feature?  For
instance:
- let ipsec.secrets define raw public keys?
- come up with a syntax that makes it clear that it is shared?
- tie it to the connection's end somehow?
- drop it?
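A small model of the lookup described in the message above, added here as an illustration; it is not libreswan code and not part of the original post. The `Conn` class, the function names, the id `@gw.example.com` and the `KEY-*` strings are all constructed, and the "scoped" variant only sketches the "tie it to the connection's end" option from the list; the last function is an audit that flags ids shared by connections with different keys.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:                      # hypothetical model of one conn's left end
    name: str
    leftid: str
    keys: tuple                  # leftrsasigkey, leftrsasigkey2, ...

# Constructed sample: two conns share an id but configure different keys.
CONNS = [
    Conn("office", "@gw.example.com", ("KEY-A", "KEY-A2")),
    Conn("lab", "@gw.example.com", ("KEY-B",)),
]

def load_global(conns):
    """Described behaviour: one list of (id, key), no link back to the conn."""
    return [(c.leftid, k) for c in conns for k in c.keys]

def candidates_global(pubkeys, conn):
    """Every raw public key whose id matches is tried."""
    return [k for ident, k in pubkeys if ident == conn.leftid]

def load_scoped(conns):
    """Floated option: keep the owning conn with each key."""
    return [(c.name, c.leftid, k) for c in conns for k in c.keys]

def candidates_scoped(pubkeys, conn):
    return [k for owner, ident, k in pubkeys
            if owner == conn.name and ident == conn.leftid]

def foreign_keys(candidates, conn):
    """Keys that would be tried although this conn never configured them."""
    return [k for k in candidates if k not in conn.keys]

def shared_id_conflicts(conns):
    """Audit: ids used by several conns whose key sets differ."""
    by_id = defaultdict(list)
    for c in conns:
        by_id[c.leftid].append(c)
    return {i: [c.name for c in cs] for i, cs in by_id.items()
            if len({frozenset(c.keys) for c in cs}) > 1}

if __name__ == "__main__":
    lab = CONNS[1]
    print(foreign_keys(candidates_global(load_global(CONNS), lab), lab))
    print(foreign_keys(candidates_scoped(load_scoped(CONNS), lab), lab))
    print(shared_id_conflicts(CONNS))
```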