[strongSwan-dev] Stroke vs VICI: defaulting to certificate subject for ID

Tobias Brunner tobias at strongswan.org
Fri Sep 4 10:22:12 CEST 2020


Hi Jean-Fran├žois,

> When a configuration is sent to Charon via Stroke and an id is not
> confirmed by the associated certificate subject, the id is defaulting to
> the certificate subject.
> This behavior is not present when a configuration is sent to Charon via
> VICI.
> Is it voluntary or a missing check ?

There is only a fallback to the subject DN of the (First) configured
certificate if there is no identity configured, no checks on configured
identities are performed.  I currently don't see a need to add any such
checks.

Regards,
Tobias


More information about the Dev mailing list