updated documentation on leftsendcert

author: Andreas Steffen <andreas.steffen@strongswan.org> 2009-06-06 16:23:42 +0200
committer: Martin Willi <martin@strongswan.org> 2009-06-09 11:03:33 +0200
commit: 123fdf700a03825946dd227d43935cad49e01da6 (patch)
tree: 467d8f88e6b1c02730353db562f2dfc38e7a4683 /README
parent: b6f19a6ab4dbe139c6ed8b863db69df7c40a391c (diff)
download: strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.bz2
strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.xz
1 files changed, 6 insertions, 2 deletions
diff --git a/README b/README
index 8e82e59f8..101e4838c 100644
--- a/README
+++ b/README
@@ -1505,12 +1505,16 @@ any certificates to the other end via the IKE Main Mode protocol. Especially
 if self-signed certificates are used which wouldn't be accepted any way by
 the other side. In these cases it is recommended to add
 
-          leftsendcert=never
+    leftsendcert=never
 
 to the connection definition[s] in order to avoid the sending of the host's
 own certificate. The default value is
 
-    leftsendcert=always.
+    leftsendcert=ifasked
+
+If a peer does not send a certificate request then use the setting
+
+    leftsendcert=always
 
 If a peer certificate contains a subjectAltName extension, then an alternative
 rightid type can be used, as the example "conn sun" shows. If no rightid
author	Andreas Steffen <andreas.steffen@strongswan.org>	2009-06-06 16:23:42 +0200
committer	Martin Willi <martin@strongswan.org>	2009-06-09 11:03:33 +0200
commit	123fdf700a03825946dd227d43935cad49e01da6 (patch)
tree	467d8f88e6b1c02730353db562f2dfc38e7a4683 /README
parent	b6f19a6ab4dbe139c6ed8b863db69df7c40a391c (diff)
download	strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.bz2 strongswan-123fdf700a03825946dd227d43935cad49e01da6.tar.xz