-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Tobias,
> It verifies RFC 3779 IPAddrBlocks X.509 extensions in certificates and > allows checking them against proposed traffic selectors. That much I figured out by looking at the description in the plugin list. What format of traffic selectors does the plugin accept in the X.509 certificate? How does the plugin behave when the user on the side, that uses the plugin, sets a TS larger than the one permitted by the certificate? Does it correctly narrow it to the one allowed by the certificate? Does the plugin make building the CHILD_SA fail if the TS is not within the data in the certificate? - -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV2xYWAAoJEDg5KY9j7GZYd5kP/jaSid73qVC0IUeJjus+HdvE WwlBCpWn4IDOGDk2HEJr6fRAbpJClR3ate3WyaCAg1nmg7B1TFbiOQghQBcfUGxd LCM0oi9TAGmfi8xyVL/RfAb28eRzz92T36d18cFoyPpObmHmEchQJWTLiQQvEvz+ cbULh+be433TzawrlS0NzHvZOgSN0GBnv8/flJxqNindOPsT0jseEZp8oOiKB9Ee hBp1mLwAAMKMmMaRsSOWUyTvO74OnO0eXimQOUlcuQ6bx5zCAaz4nwWFPlnt43rV CWn7An2bnEefs+4Cd8z6AA/UCxGsficuhOQwIF5jEZlWVimt3lrpIOtSiYMjfeYP xRweTUR6bnZDLsFTpMyh0vIeQ8yqGZ83Kopgca1cg4mE86MCOCQ77E7xFOLweQCj TFLh48FQgGl+JEpVJPm1qeSZV8mvQNszIQYDYRCpZt3hAvMi52XkM1sZv+uLUQq5 9vaSj8K7rMum8ejEGoBcCQ8P1dr2cMGxonoHPRXSBf2xXTM6Mex8by17kmNxTJqD RNOT4UNzzBhMFGDths4yFozwJoNsFhjXEj0j9fe58v/XR0Q4arZvXfY92Ot9dNl9 Rd6aXBCIRYdWmlKZTyak9RShM7OWm8cO+kR3iHV5PdInf+wu7DFCPZSzbbkjlE2I fC6MCpwBzIR7Zp6KVn8c =FZrU -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
