[strongSwan] IPsec with Certificate Authentication

deepak khandelwal dazz.87 at gmail.com
Mon Nov 5 19:43:19 CET 2012


Hi,

I have a question regarding IPSec with Certificate Authentication where
Certificate contains Multiple IP-Address in Subject Alternative name
extension.

X509v3 Subject Alternative Name:

                IP Address:10.0.0.1, IP Address:20.0.0.1

While checking Cert Validity against identity.
Is it expected to check all IP-Address present in SAN.
or just the first IP-Address is expected to check ?

Best regards,
Deepak
91- 9632308791
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121106/07fd9bef/attachment.html>


More information about the Users mailing list