author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-06-06 16:23:42 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-06-09 11:03:33 +0200 |
commit | 123fdf700a03825946dd227d43935cad49e01da6 (patch) | |
tree | 467d8f88e6b1c02730353db562f2dfc38e7a4683 | |
parent | b6f19a6ab4dbe139c6ed8b863db69df7c40a391c (diff) | |
download | strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.bz2 strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.xz |
updated documentation on leftsendcert
-rw-r--r-- | README | 8 | ||||
-rw-r--r-- | src/pluto/constants.h | 4 |
2 files changed, 8 insertions, 4 deletions
@@ -1505,12 +1505,16 @@ any certificates to the other end via the IKE Main Mode protocol. Especially if self-signed certificates are used which wouldn't be accepted any way by the other side. In these cases it is recommended to add - leftsendcert=never + leftsendcert=never to the connection definition[s] in order to avoid the sending of the host's own certificate. The default value is - leftsendcert=always. + leftsendcert=ifasked + +If a peer does not send a certificate request then use the setting + + leftsendcert=always If a peer certificate contains a subjectAltName extension, then an alternative rightid type can be used, as the example "conn sun" shows. If no rightid diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 25764a84d..7fdf5d689 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -703,8 +703,8 @@ extern enum_names cert_type_names; extern enum_name_t *cert_policy_names; typedef enum certpolicy { - CERT_ALWAYS_SEND = 0, /* the default */ - CERT_SEND_IF_ASKED = 1, + CERT_ALWAYS_SEND = 0, + CERT_SEND_IF_ASKED = 1, CERT_NEVER_SEND = 2, CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ |
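Review bot: The `certpolicy` enum in src/pluto/constants.h no longer says which policy is the default: the `/* the default */` comment is dropped from `CERT_ALWAYS_SEND` but not moved, while the README hunk now documents `leftsendcert=ifasked` as the default. I would put it on the new line, `CERT_SEND_IF_ASKED = 1, /* the default */`, provided the code that initialises the policy (not visible in this commit) really selects that value. `CERT_ALWAYS_SEND` is still 0, so a zero-initialised connection structure would presumably still send the host certificate unsolicited, disclosing the host's identity to peers that never asked for it; that is worth confirming where the default is assigned. The enum body continues past the end of the hunk.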