updated documentation on leftsendcert
This commit is contained in:
parent
b6f19a6ab4
commit
123fdf700a
8
README
8
README
|
@ -1505,12 +1505,16 @@ any certificates to the other end via the IKE Main Mode protocol. Especially
|
|||
if self-signed certificates are used which wouldn't be accepted any way by
|
||||
the other side. In these cases it is recommended to add
|
||||
|
||||
leftsendcert=never
|
||||
leftsendcert=never
|
||||
|
||||
to the connection definition[s] in order to avoid the sending of the host's
|
||||
own certificate. The default value is
|
||||
|
||||
leftsendcert=always.
|
||||
leftsendcert=ifasked
|
||||
|
||||
If a peer does not send a certificate request then use the setting
|
||||
|
||||
leftsendcert=always
|
||||
|
||||
If a peer certificate contains a subjectAltName extension, then an alternative
|
||||
rightid type can be used, as the example "conn sun" shows. If no rightid
|
||||
|
|
|
@ -703,8 +703,8 @@ extern enum_names cert_type_names;
|
|||
extern enum_name_t *cert_policy_names;
|
||||
|
||||
typedef enum certpolicy {
|
||||
CERT_ALWAYS_SEND = 0, /* the default */
|
||||
CERT_SEND_IF_ASKED = 1,
|
||||
CERT_ALWAYS_SEND = 0,
|
||||
CERT_SEND_IF_ASKED = 1,
|
||||
CERT_NEVER_SEND = 2,
|
||||
|
||||
CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */
|
||||
|
|
Loading…
Reference in New Issue