Re: fswcert
On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
> On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> > You can save yourself this step: use a leftcert pointing to your
> > certificate, and you don't need the leftid. Reduces redundancy, and
> > avoids having that huge long line in your config file!
>
> Hmm. It would be nice if the manpage for ipsec.conf had been
> patched to mention this...
ipsec.conf(5) doesn't mention certificates at all, since they're not
a part of standard freeswan, and the x509 project doesn't supply a
patched man page. I gather that integrating x509 into standard
freeswan is not on anyone's short-term agenda, alas.
But if you read /usr/share/doc/freeswan/README.x509.gz , in section
4.6 it says
If no rightid or leftid entry is present then the subject
distinguished name contained in the certificate is taken as the
ID.
I missed this the first time through, but someone on the mailing
list mentioned it.
Andrew
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to:
- References:
- fswcert
- From: Victor Vuillard <victor.vuillard@securitykeepers.com>
- Re: fswcert
- From: "Noah L. Meyerhans" <frodo@morgul.net>
- Re: fswcert
- From: lupe@lupe-christoph.de (Lupe Christoph)
- Re: fswcert
- From: Andrew Pimlott <ota-10@andrew.pimlott.net>
- Re: fswcert
- From: lupe@lupe-christoph.de (Lupe Christoph)