/*
* creation of first CHILD SA:
- * no nonce and no ke contexts because the ones from the IKE SA are re-used
+ * no nonce and no ke contexts because the ones from the IKE SA are reused
*/
nonce_loc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce_loc);
if (nonce_loc_id == 0 && esa.ke_ids.size == 0)
# 2.6.0 #
-- Allow pre-selecting a user certificate via alias in managed profiles
+- Allow preselecting a user certificate via alias in managed profiles
- Allow selecting a user certificate for managed profiles that don't install their own certificate
- Fix reading split-tunneling settings in managed profiles
- Adapt to edge-to-edge display, which becomes mandatory when targeting Android 16
.EE
.PP
.B NOTE:
-The trusthworthiness of the root CA certificate is either verified automatically
+The trustworthiness of the root CA certificate is either verified automatically
if the Root CA certificate of the TLS trust chain is the same as that of the
Issuing CA. Otherwise trust has to be established manually by verifying the SHA256
or SHA1 fingerprint of the DER-encoded certificate that is e.g. listed on the
RA cert is trusted, valid until Aug 10 15:51:34 2023, 'myra.crt'
.EE
.PP
-The trusthworthiness of the root CA certificate has to be established manually by
+The trustworthiness of the root CA certificate has to be established manually by
verifying the SHA256 or SHA1 fingerprint of the DER-encoded certificate that is
e.g. listed on the official PKI website or by some other means.
.P
.B Online Certificate Status Protocol
(OCSP) responder as defined by RFC 6960, interoperating with an
.B OpenXPKI
-server by directly accessing its internal certificate datebase.
+server by directly accessing its internal certificate database.
.
.SH "COMMANDS"
.
projects / thirdparty / strongswan.git / commitdiff
