[strongSwan] understanding %fromcert
daniel at pocock.com.au
Mon Jul 15 13:25:45 CEST 2013
On 15/07/13 12:51, Andreas Steffen wrote:
> Hello Daniel,
> is an OpenSwan option not supported by strongSwan. The strongSwan
> configuration is
> leftid=carol at strongswan.org
> or simply
> If leftid is missing then left, i.e. the IP address is chosen by
> default for leftid but since the IP address usually is not
> contained as a subjectAltName in the certificate, the fallback
> is for leftid to assume the value of the subject Distinguished
> Name as e.g.
> leftid="C=CH, O=strongSwan, CN=carol at strongswan.org"
So the subjectAltName will only be used if
a) firstname.lastname@example.org and
b) hostname.example.org is in the subjectAltName in the cert?
Do you think it would be useful to add some explicit variables for this,
e.g. allowing users to specify:
More information about the Users