[strongSwan] addrblock
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Jan 22 20:31:43 CET 2020
Yes.
On 21.01.20 at 19:53, Modster, Anthony wrote:
> Hello
>
> If the parameter charon.plugins.addrblock.strict = “no” and address blocks exist in the certificates, will the addrblock plugin try to set the traffic selectors?
>
> The *pki tool* <https://wiki.strongswan.org/projects/strongswan/wiki/IpsecPki> gained support for generating certificates with *RFC 3779* <https://tools.ietf.org/html/rfc3779> addrblock extensions. The charon /addrblock/ plugin now dynamically narrows traffic selectors based on the certificate's addrblocks instead of rejecting non-matching selectors completely. This allows generic connections, where the allowed selectors are defined by the used certificates only.
>
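The narrowing described in the quoted release note, modelled as an added example; this is not strongSwan code and not from either poster. The function names, the `reject_on_mismatch` flag and the sample addresses are constructed for illustration, and strongSwan's own matching logic may differ in detail.

```python
import ipaddress

def to_range(spec):
    """Parse 'a.b.c.d/len' or 'first-last' into a (first, last) address pair."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
    else:
        net = ipaddress.ip_network(spec, strict=False)
        first, last = net[0], net[-1]
    if first.version != last.version or first > last:
        raise ValueError(f"bad range: {spec}")
    return first, last

def narrow(selectors, addrblocks, reject_on_mismatch=False):
    """Restrict proposed traffic selectors to a certificate's address blocks.

    reject_on_mismatch=True models the older behaviour the release note
    mentions: a selector that is not fully covered by one block is dropped.
    False models narrowing: only the overlap with each block survives.
    """
    blocks = [to_range(b) for b in addrblocks]
    result = []
    for ts in selectors:
        ts_first, ts_last = to_range(ts)
        for b_first, b_last in blocks:
            if b_first.version != ts_first.version:
                continue  # different address family, cannot overlap
            lo, hi = max(ts_first, b_first), min(ts_last, b_last)
            if lo > hi:
                continue  # selector and block are disjoint
            if reject_on_mismatch and (lo, hi) != (ts_first, ts_last):
                continue  # partial cover is not accepted in this mode
            # Express the overlap as CIDR prefixes for readability.
            result.extend(ipaddress.summarize_address_range(lo, hi))
    return [str(n) for n in result]

if __name__ == "__main__":
    # Constructed sample: a generic 0.0.0.0/0 selector and a certificate
    # carrying one prefix and one address range (RFC 3779 allows both).
    cert_blocks = ["10.1.0.0/16", "192.168.5.10-192.168.5.13"]
    print(narrow(["0.0.0.0/0"], cert_blocks))
    print(narrow(["0.0.0.0/0"], cert_blocks, reject_on_mismatch=True))
```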