[Swan] how/where to configure list of 'valid' certs
Tuomo Soini
tis at foobar.fi
Mon Jan 15 17:57:11 EET 2024
On Sun, 14 Jan 2024 15:31:00 +0000
Marc <Marc at f1-outsourcing.eu> wrote:
> >
> > strangely this:
> >
> > rightid="O=Example,CN=android13client.example.com"
> > and
> > rightid="CN=android13client.example.com"
These two shouldn't work. Depending on your certificate subject only
first or second can work.
> >
> > allows access, however
> >
> > rightid="CN=*.example.com"
This can't match because you can't match part of subject label. So you
can only match rightid="CN=*" - and if this matches your cert, first
example on previous one couldn't match your certificate because it has
label "O=Example" which is not matched.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
More information about the Swan
mailing list