[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Jun 9 20:16:15 EDT 2008
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> There is a new setting, which I did not know about:
Paul> leftid=%fromcert
Paul> I'm strongly leaning towards undoing the code that causes this
Paul> to be neccessary, unless someone can convince me that the
Paul> default when using leftcert= should be ID_IPV4_ADDR instead of
Paul> ID_DER_ASN1_DN. I can come up with no valid reason for this.
Because, if the "default" is "ID_DER_ASN1_DN", you can never use X.509
certificates in other than "issued from a common CA" mode.
There is no way to *undo* that option.
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
More information about the Dev
mailing list