CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2010/06/26 19:11:09

Modified files:
        sbin/iked      : ca.c 

Log message:
Verify that the subjectAltName extension is present and matches the
peer Id if the Id type is not ASN1_DN.  If it is ASN1_DN, compare it
with the certificate subjectName (DN).  This prevents the peer from
using an arbitrary peer Id (it is signed by the CA in the cert) and
qualifies the optional pf tag.
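
The check described in the log message, as an added example that is not the code committed to ca.c: a claimed Id is accepted only when the CA-signed certificate carries the same value, taken from the subjectAltName for non-DN Id types and from the subjectName for ASN1_DN. The struct layout, function names, the Id-type-to-SAN mapping and the sample values are assumptions made for illustration; real code would take these fields from a parsed X.509 certificate.

```c
#include <ctype.h>
#include <stddef.h>

/* IKEv2 Id types (RFC 7296, section 3.5) and the SAN kinds they map to. */
enum id_type { ID_IPV4 = 1, ID_FQDN = 2, ID_RFC822 = 3, ID_ASN1_DN = 9 };
enum san_type { SAN_EMAIL, SAN_DNS, SAN_IP };
struct san { enum san_type type; const char *data; size_t len; };
/* Hypothetical parsed certificate, not iked's own structures. */
struct cert {
	const char *subject; size_t subject_len;	/* DER subjectName */
	const struct san *sans; size_t nsans;		/* nsans == 0: no SAN */
};

/* Compare the full length so an embedded NUL cannot truncate a name. */
static int same(const char *a, size_t alen, const char *b, size_t blen, int nocase)
{
	if (alen != blen)
		return 0;
	for (size_t i = 0; i < alen; i++)
		if (nocase ? tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])
		    : a[i] != b[i])
			return 0;
	return 1;
}

/* Return 0 if the CA-signed certificate vouches for the claimed Id, else -1. */
int cert_matches_id(const struct cert *c, int idtype, const char *id, size_t idlen)
{
	enum san_type want;
	switch (idtype) {
	case ID_ASN1_DN:	/* DN Ids are checked against the subjectName */
		return same(c->subject, c->subject_len, id, idlen, 0) ? 0 : -1;
	case ID_FQDN:	want = SAN_DNS; break;
	case ID_RFC822:	want = SAN_EMAIL; break;
	case ID_IPV4:	want = SAN_IP; break;
	default:	return -1;	/* unhandled Id type: fail closed */
	}
	for (size_t i = 0; i < c->nsans; i++)	/* no SAN at all ends in -1 */
		if (c->sans[i].type == want && same(c->sans[i].data,
		    c->sans[i].len, id, idlen, want == SAN_DNS))
			return 0;
	return -1;
}

/* Constructed sample data: placeholder bytes stand in for the DER subject. */
static const struct san sample_sans[] = {
	{ SAN_DNS, "gw.example.org", 14 }, { SAN_IP, "\xc0\x00\x02\x01", 4 } };
static const struct cert sample_cert = { "DER(CN=gw)", 10, sample_sans, 2 };
static const struct cert sample_nosan = { "DER(CN=gw)", 10, NULL, 0 };
int main(void) { return cert_matches_id(&sample_cert, ID_FQDN, "GW.example.org", 14); }
```
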
