A question arose about a good choice of the default directory for
trusted CA certificates over these proposed rpm PRs:
https://src.fedoraproject.org/rpms/strongswan/pull-request/6
https://src.fedoraproject.org/rpms/strongswan/pull-request/7
An IKEv2 client from strongSwan package, charon-nm, need
Hi Kai,
2018-06-12 16:55 GMT+03:00 Kai Engert :
>
> If a single CA list for both TLS and VPNs was used, and a user added a
> VPN's private CA to that shared list, it would technically enable the
> VPN operator to issue false certificates, and TLS clients like Firefox
> would then trust such false