[strongSwan] another question about rightca
Harald Dunkel
harri at afaics.de
Sat Sep 9 15:18:46 CEST 2017
Hi folks,
I had a typo in rightca, like
rightca="CN=my-CA"
instead of
rightca="C=DE, O=example gmbh, OU=it, CN=my-CA"
There was a message in charon.log:
CA certificate "CN=my-CA" not found, discarding CA constraint
The IPsec gateway was much more open than intended. Shouldn't
charon ignore a connection with a bad rightca instead, just to
be on the safe side?
Regards
Harri
More information about the Users
mailing list