[strongSwan] how to use 'rightca' connection option?

[Tobias Brunner]

Hi John,

>         rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa"
> 
> I've changed values of fields in righid, but rightca is taken from real
> config without modification.

The CA constraint internally uses certificates to match against the
trust chain.  So you can't set `rightca` to an arbitrary DN.  There must
exist a CA certificate locally that has the configured subject DN.

Regards,
Tobias