diff options
author | Tobias Brunner <tobias@strongswan.org> | 2012-02-01 14:34:52 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-02-01 14:34:52 +0100 |
commit | 9ec66bc1a5c9b34285aacd459b024102585147a5 (patch) | |
tree | e8d30fea637b6b95e150533c9a79aa6dd96bef32 /man | |
parent | a895801270b853ed592064ea814c7bebcebd64d7 (diff) | |
download | strongswan-9ec66bc1a5c9b34285aacd459b024102585147a5.tar.bz2 strongswan-9ec66bc1a5c9b34285aacd459b024102585147a5.tar.xz |
Added an option to load CA certificates without CA basic constraint.
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
Diffstat (limited to 'man')
-rw-r--r-- | man/strongswan.conf.5.in | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index 52ac42c28..3588517c7 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -469,6 +469,10 @@ Database URI for charons SQL plugin .BR charon.plugins.sql.loglevel " [-1]" Loglevel for logging to SQL database .TP +.BR charon.plugins.stroke.ignore_missing_ca_basic_constraint " [no]" +Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA +certificates even if they don't contain a CA basic constraint. +.TP .BR charon.plugins.stroke.max_concurrent " [4]" Maximum number of stroke messages handled concurrently .TP |