On Wed, 28 Oct 2020, Andrew Cagney wrote:
in ikev2-x509-20-multicert-rightid-san-wildcard, this causes right to leak "issuer ca": https://testing.libreswan.org/v4.1-83-g9d775e57d4-main/ikev2-x509-20-multicert-rightid-san-wildcard/OUTPUT/east.console.diff - right.ca=%same, so remember to set right.ca to left.ca - rightcert=north, so set right.ca to clone(north.der, "issuer ca") - oh, just remembered, set right.ca to clone(left.ca), leaking old value (vis-à-vis left) So is the above valid?
The configuration is valid. Although rightca=%same is likely not needed there, as %same is also the default. So this should show up too in cases without leftca=%same or rightca=%same. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
