[strongSwan] pki --verify Command
Jafar Al-Gharaibeh
jafar at atcorp.com
Mon Feb 12 15:43:07 CET 2018
Hi Tobias,
On 2/12/2018 8:34 AM, Tobias Brunner wrote:
>> I did write a script that does that but I thought it is very inefficient
>> since you have to sweep through CAs/CRLs with pki --print to figure out
>> the correct chain in order to use them with pki --verify.
> You can just pass it all the CA certs/CRLs you (or rather the daemon)
> trust. Unless you have e.g. configs with CA cert constraints there is
> not really a need to pass the exact chain to figure out whether a
> certificate is valid and trusted by the daemon.
Good to know!
>
>> Thanks for
>> letting me know abot pki-verify-dirs. Sounds like what I'm looking for.
>> I wish I knew it exists before wasting time on scripting :-).
> It didn't, I quickly put that together this morning :-)
Well, I initially assumed it did, but when I looked at the branches I
have locally I didn't find it. I knew you've must just added it. thanks! :-)
>
>> Is that branch going to be merged any time soon?
> Probably not with the upcoming release, but maybe the next one.
Now that I know you've just added it, I see why it is not yet in! :-)
Regards,
Jafar
More information about the Users
mailing list