Hi Deepak, if the peer's identity is an IP address then this address will be checked against all subjectAltName entries in order to see if one of them matches the identity.
Regards Andreas On 05.11.2012 19:43, deepak khandelwal wrote: > > > Hi, > > I have a question regarding IPSec with Certificate Authentication where > Certificate contains Multiple IP-Address in Subject Alternative name > extension. > > X509v3 Subject Alternative Name: > > IP Address:10.0.0.1, IP Address:20.0.0.1 > > While checking Cert Validity against identity. > Is it expected to check all IP-Address present in SAN. > or just the first IP-Address is expected to check ? > > Best regards, > Deepak > 91- 9632308791 ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
