git.ipfire.org Git - thirdparty/strongswan.git/commit
credential-manager: Add option to reject trusted end-entity certificates
author Tobias Brunner <tobias@strongswan.org>
Wed, 31 May 2023 12:39:05 +0000 (14:39 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 13 Nov 2023 11:01:41 +0000 (12:01 +0100)
commit 04c17ab56a6a00a60cf2ac0becbbc29a7eff22bb
tree 17b4747669ed017b78c5d73db1a8b49d546fd2b3
parent 28ccdff6924583a31b164076ec1a8e5258c3350c
credential-manager: Add option to reject trusted end-entity certificates

This allows preventing peers from authenticating with certificates
that are locally trusted, in particular, our own local certificate (which
safeguards against accidental reuse of certificates on multiple peers).

On the other hand, if this option is enabled, end-entity certificates
for peers can't be configured anymore explicitly (e.g. via remote.certs
in swanctl.conf).
conf/options/charon.opt
src/libstrongswan/credentials/credential_manager.c