[strongSwan] Strongswan Configuration Question
Martin Willi
martin at strongswan.org
Thu Apr 24 10:23:43 CEST 2014
Hi Edward,
> I intentionally desire such a mis-match, so I searched
> for any configuration option to allow this. I believe that no such
> configuration option exists and that a patch to the source would be needed,
> correct?
Yes. You may have a look at the two commits from [1]. They introduce a
charon.cert_id_binding strongswan.conf option. If set to "no", the IKE
identity may be different from the identities in the used certificate.
Due to the security implications, we have not planned to mainstream
these changes.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/cert-id-binding-option
More information about the Users
mailing list