Hi Jean-François,

> When a configuration is sent to Charon via Stroke and an id is not
> confirmed by the associated certificate subject, the id is defaulting to
> the certificate subject.
> This behavior is not present when a configuration is sent to Charon via
> VICI.
> Is it voluntary or a missing check?

There is only a fallback to the subject DN of the (first) configured certificate if there is no identity configured; no checks on configured identities are performed. I currently don't see a need to add any such checks.

Regards,
Tobias
