> Is there any other way for a temp workaround to enforce CA constraint? > Maybe I could place only my ca in cacerts?
If you only have a single trusted CA installed, this definitely implies a CA constraint policy, allowing you to remove the rightca option. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
