[Swan-dev] require-id-on-certificate vs allow-cert-without-san-id
Andrew Cagney
andrew.cagney at gmail.com
Thu May 6 12:00:00 UTC 2021
I suspect they're just fighting over the same policy bit?
It comes up as I'm trying to get my brain around things like the else
clause in:
    if (!LIN(POLICY_ALLOW_NO_SAN, c->policy)) {
        diag_t d = diag("X509: connection failed due to unmatched IKE ID in certificate SAN");
        llog_diag(RC_LOG, ike->sa.st_logger, &d, "%s", "");
        must_switch = true;
    } else {
        log_state(RC_LOG, &ike->sa, "X509: connection allows unmatched IKE ID and certificate SAN");
    }