On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
> On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> > You can save yourself this step: use a leftcert pointing to your
> > certificate, and you don't need the leftid.  Reduces redundancy, and
> > avoids having that huge long line in your config file!
> 
> Hmm. It would be nice if the manpage for ipsec.conf had been
> patched to mention this...

ipsec.conf(5) doesn't mention certificates at all, since they're not
a part of standard freeswan, and the x509 project doesn't supply a
patched man page.  I gather that integrating x509 into standard
freeswan is not on anyone's short-term agenda, alas.

But if you read /usr/share/doc/freeswan/README.x509.gz , in section
4.6 it says

    If no rightid or leftid entry is present then the subject
    distinguished name contained in the certificate is taken as the
    ID.

I missed this the first time through, but someone on the mailing
list mentioned it.

Andrew


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to