Add leftcert ipsec.conf.5 documentation about smartcard certificates

author Martin Willi <martin@revosec.ch>

Mon, 15 Oct 2012 16:14:03 +0000 (18:14 +0200)

committer Martin Willi <martin@revosec.ch>

Wed, 24 Oct 2012 11:07:53 +0000 (13:07 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 15 Oct 2012 16:14:03 +0000 (18:14 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 24 Oct 2012 11:07:53 +0000 (13:07 +0200)
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in

index ec8335c05df506e7f6d06524b79c36dd7500c9a0..80100499473c64365855b690fd63c8859427baed 100644 (file)
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -589,6 +589,18 @@ to the distinguished name of the certificate's subject.
  The left participant's ID can be overridden by specifying a
  .B leftid
  value which must be certified by the certificate, though.
+.br
+A value in the form
+.B %smartcard:<keyid>
+defines a specific certificate to load from a PKCS#11 backend for this
+connection.
+.B <keyid>
+has to be a hex encoded key identifier under which the certificate is stored
+on any of the configured smartcards.
+.B leftcert
+is required only if selecting the certificate with
+.B leftid
+is not sufficient, for example if multiple certificates use the same subject.
  .TP
  .BR leftcert2 " = <path>"
  Same as
author	Martin Willi <martin@revosec.ch>
	Mon, 15 Oct 2012 16:14:03 +0000 (18:14 +0200)
committer	Martin Willi <martin@revosec.ch>
	Wed, 24 Oct 2012 11:07:53 +0000 (13:07 +0200)