<div dir="ltr"><div>I suspect they're just fighting over the same policy bit?</div><div><br></div><div>It comes up as I'm trying to get my brain around things like the else clause in:</div><div><br></div><div>                        if (!LIN(POLICY_ALLOW_NO_SAN, c->policy)) {<br>                                diag_t d = diag("X509: connection failed due to unmatched IKE ID in certificate SAN");<br>                                llog_diag(RC_LOG, ike->sa.st_logger, &d, "%s", "");<br>                                must_switch = true;<br>                        } else {<br>                                log_state(RC_LOG, &ike->sa, "X509: connection allows unmatched IKE ID and certificate SAN");<br>                        }<br></div><div><br></div><div><br></div></div>