Tobias just told me that he did some changes to the certificate handling, newly added certificates should get preferred. This does not completely fix the issue, but might work for you. After doing "ipsec reload", you'll have to invoke "ipsec purgex509" to flush the internal certificate cash.
Patching 4.5.0 is a little difficult, as a lot of changes are involved. You might try a snapshot [1] from the current HEAD. Regards Martin [1]http://download.strongswan.org/snapshots/strongswan-4.5.0-185-g6aa144d.tar.bz2 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
