On Sun, 14 Jan 2024 15:31:00 +0000 Marc <[email protected]> wrote:
> > > > strangely this: > > > > rightid="O=Example,CN=android13client.example.com" > > and > > rightid="CN=android13client.example.com" These two shouldn't work. Depending on your certificate subject only first or second can work. > > > > allows access, however > > > > rightid="CN=*.example.com" This can't match because you can't match part of subject label. So you can only match rightid="CN=*" - and if this matches your cert, first example on previous one couldn't match your certificate because it has label "O=Example" which is not matched. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
