[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9

Michael Richardson mcr at sandelman.ottawa.on.ca
Mon Jun 9 20:16:15 EDT 2008


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> There is a new setting, which I did not know about:

    Paul> 	leftid=%fromcert

    Paul> I'm strongly leaning towards undoing the code that causes this
    Paul> to be necessary, unless someone can convince me that the
    Paul> default when using leftcert= should be ID_IPV4_ADDR instead of
    Paul> ID_DER_ASN1_DN. I can come up with no valid reason for this.

  Because, if the "default" is "ID_DER_ASN1_DN", you can never use X.509
certificates in other than "issued from a common CA" mode.

  There is no way to *undo* that option.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

