[strongSwan] addrblock plugin
Noel Kuntze
noel at familie-kuntze.de
Mon Aug 24 15:03:24 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Tobias,
> It verifies RFC 3779 IPAddrBlocks X.509 extensions in certificates and
> allows checking them against proposed traffic selectors.
That much I figured out by looking at the description in the plugin list.
What format of traffic selectors does the plugin accept in the X.509 certificate?
How does the plugin behave when the user on the side, that uses the plugin,
sets a TS larger than the one permitted by the certificate? Does it correctly narrow
it to the one allowed by the certificate?
Does the plugin make building the CHILD_SA fail if the TS is not within
the data in the certificate?
- --
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJV2xYWAAoJEDg5KY9j7GZYd5kP/jaSid73qVC0IUeJjus+HdvE
WwlBCpWn4IDOGDk2HEJr6fRAbpJClR3ate3WyaCAg1nmg7B1TFbiOQghQBcfUGxd
LCM0oi9TAGmfi8xyVL/RfAb28eRzz92T36d18cFoyPpObmHmEchQJWTLiQQvEvz+
cbULh+be433TzawrlS0NzHvZOgSN0GBnv8/flJxqNindOPsT0jseEZp8oOiKB9Ee
hBp1mLwAAMKMmMaRsSOWUyTvO74OnO0eXimQOUlcuQ6bx5zCAaz4nwWFPlnt43rV
CWn7An2bnEefs+4Cd8z6AA/UCxGsficuhOQwIF5jEZlWVimt3lrpIOtSiYMjfeYP
xRweTUR6bnZDLsFTpMyh0vIeQ8yqGZ83Kopgca1cg4mE86MCOCQ77E7xFOLweQCj
TFLh48FQgGl+JEpVJPm1qeSZV8mvQNszIQYDYRCpZt3hAvMi52XkM1sZv+uLUQq5
9vaSj8K7rMum8ejEGoBcCQ8P1dr2cMGxonoHPRXSBf2xXTM6Mex8by17kmNxTJqD
RNOT4UNzzBhMFGDths4yFozwJoNsFhjXEj0j9fe58v/XR0Q4arZvXfY92Ot9dNl9
Rd6aXBCIRYdWmlKZTyak9RShM7OWm8cO+kR3iHV5PdInf+wu7DFCPZSzbbkjlE2I
fC6MCpwBzIR7Zp6KVn8c
=FZrU
-----END PGP SIGNATURE-----
More information about the Users
mailing list