CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/06/26 23:49:05
Modified files:
sbin/iked : ca.c iked.h ikev2_pld.c
Log message:
When a peer requests a certificate from the local gateway, we first
look up a cert from /etc/iked/certs/ that is signed by a requested CA.
As a second step we now also compare the subjectAltName of any found
certificate to match the local srcid; this allows having multiple
certs for the same CA but different srcids in the certs/ directory but
enforces that the subjectAltName has to be set correctly.
requested by jsg@
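
The two-step selection described in the log message, as an added example that is not iked's code. The struct layout, enum names, file names and CA names are all hypothetical, certificates are modelled as plain structs instead of parsed X.509, and case-insensitive FQDN comparison is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical simplified model; real code would parse X.509 files. */
enum id_type { ID_NONE, ID_FQDN, ID_UFQDN, ID_IPV4 };
struct id { enum id_type type; const char *value; };
struct cert {
    const char *file;   /* constructed file name under certs/ */
    const char *issuer; /* CA that signed this cert */
    struct id san;      /* subjectAltName, ID_NONE when absent */
};

/* Constructed sample store: two certs from one CA with different SANs. */
static const struct cert store[] = {
    { "gw-a.crt",  "CN=Example CA", { ID_FQDN, "gw-a.example.org" } },
    { "gw-b.crt",  "CN=Example CA", { ID_FQDN, "gw-b.example.org" } },
    { "nosan.crt", "CN=Example CA", { ID_NONE, NULL } },
    { "other.crt", "CN=Other CA",   { ID_FQDN, "gw-a.example.org" } },
};
#define NSTORE (sizeof(store) / sizeof(store[0]))

/* Second step: SAN must exist and equal srcid in both type and value. */
static int san_matches(const struct id *san, const struct id *srcid)
{
    if (san->type == ID_NONE || san->type != srcid->type)
        return 0;
    if (san->type == ID_FQDN) /* DNS names: case-insensitive (assumption) */
        return strcasecmp(san->value, srcid->value) == 0;
    return strcmp(san->value, srcid->value) == 0;
}

/* First step filters on the requested CA, second step on the SAN. */
const struct cert *select_cert(const char *ca, const struct id *srcid)
{
    for (size_t i = 0; i < NSTORE; i++) {
        if (strcmp(store[i].issuer, ca) != 0)
            continue;
        if (san_matches(&store[i].san, srcid))
            return &store[i];
    }
    return NULL; /* nothing signed by this CA carries the local srcid */
}

int main(void)
{
    struct id srcid = { ID_FQDN, "gw-b.example.org" };
    const struct cert *c = select_cert("CN=Example CA", &srcid);
    printf("%s\n", c ? c->file : "(no match)");
}
```

A cert without a subjectAltName (nosan.crt here) is never selected, which is the enforcement the log message mentions.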