[strongSwan-dev] Stroke vs VICI: defaulting to certificate subject for ID
Tobias Brunner
tobias at strongswan.org
Fri Sep 4 10:22:12 CEST 2020
Hi Jean-François,
> When a configuration is sent to Charon via Stroke and an id is not
> confirmed by the associated certificate subject, the id is defaulting to
> the certificate subject.
> This behavior is not present when a configuration is sent to Charon via
> VICI.
> Is it voluntary or a missing check?
There is only a fallback to the subject DN of the (first) configured
certificate if there is no identity configured; no checks on configured
identities are performed. I currently don't see a need to add any such
checks.
Regards,
Tobias