[strongSwan] understanding %fromcert
Andreas Steffen
andreas.steffen at strongswan.org
Mon Jul 15 20:18:52 CEST 2013
Hi Daniel,
your proposal certainly makes sense. But often a certificate contains
multiple subjectAltNames (e.g. several e-mail addresses, fully
qualified domain names or rather rarely IP addresses). A notation
as
leftid=%san2
only makes sense if we know in advance how the subjectAltNames are
ordered.
Regards
Andreas
On 07/15/2013 01:25 PM, Daniel Pocock wrote:
> Do you think it would be useful to add some explicit variables for this,
> e.g. allowing users to specify:
>
> leftid=%dn,%san
>
> or
>
> leftid=%san,%dn
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130715/1b9709e2/attachment.bin>
More information about the Users
mailing list