Merge branch 'multi-cert'

Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
author: Martin Willi <martin@revosec.ch> 2013-03-01 11:35:32 +0100
committer: Martin Willi <martin@revosec.ch> 2013-03-01 11:35:32 +0100
commit: e82deaf6ce7759590dcb49a76f6369be7ee871d3 (patch)
tree: ee37b1b72a95bf2b9c2f25a28cbfc79ac3cdc548 /man/ipsec.conf.5.in
parent: adf239abca62808cecf9530120091fa69f4f183f (diff)
parent: 51dbcf649712f8cabe28a5628facb4741e101dc8 (diff)
download: strongswan-e82deaf6ce7759590dcb49a76f6369be7ee871d3.tar.bz2
strongswan-e82deaf6ce7759590dcb49a76f6369be7ee871d3.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 3c0071694..e778ab773 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -618,6 +618,10 @@ connection. See ipsec.secrets(5) for details about smartcard definitions.
 is required only if selecting the certificate with
 .B leftid
 is not sufficient, for example if multiple certificates use the same subject.
+.br
+Multiple certificate paths or PKCS#11 backends can be specified in a comma
+separated list. The daemon chooses the certificate based on the received
+certificate requests if possible before enforcing the first.
 .TP
 .BR leftcert2 " = <path>"
 Same as
author	Martin Willi <martin@revosec.ch>	2013-03-01 11:35:32 +0100
committer	Martin Willi <martin@revosec.ch>	2013-03-01 11:35:32 +0100
commit	e82deaf6ce7759590dcb49a76f6369be7ee871d3 (patch)
tree	ee37b1b72a95bf2b9c2f25a28cbfc79ac3cdc548 /man/ipsec.conf.5.in
parent	adf239abca62808cecf9530120091fa69f4f183f (diff)
parent	51dbcf649712f8cabe28a5628facb4741e101dc8 (diff)
download	strongswan-e82deaf6ce7759590dcb49a76f6369be7ee871d3.tar.bz2 strongswan-e82deaf6ce7759590dcb49a76f6369be7ee871d3.tar.xz