author Martin Willi <martin@revosec.ch> 2014-10-10 16:33:56 +0200
committer Martin Willi <martin@revosec.ch> 2014-10-30 11:32:19 +0100
commit 69232e2d3dd1a1bdae2dfc2f433de9b8a4ddd052
tree d8190407b0ce69d1d5e63c7a5b5c9378d9471205 /src/libcharon/plugins/unity/unity_provider.h
parent 885646acd317f4c7e4be13756c7167b8494f8aef
constraints: Don't reject certificates with invalid certificate policies
Instead of rejecting the certificate completely if a certificate has a policy OID that is actually not allowed by the issuer CA, we accept it. However, the certificate policy itself is still considered invalid, and is not returned in the auth config resulting from trust chain operations. A user must make sure to rely on the returned auth config certificate policies instead of the policies contained in the certificate; even if the certificate is valid, the policy OID itself in the certificate is not to be trusted anymore.
Diffstat (limited to 'src/libcharon/plugins/unity/unity_provider.h')
0 files changed, 0 insertions, 0 deletions