swanctl: Document the remote ca_id option for identity based CA constraints

Martin Willi 2019-11-28 10:20:50 +01:00 committed by Tobias Brunner
parent 3c71a3201f
commit 55fc514ed2
1 changed files with 10 additions and 0 deletions


@ -593,6 +593,16 @@ connections.<conn>.remote<suffix>.cacert<suffix>.slot =
connections.<conn>.remote<suffix>.cacert<suffix>.module =
Optional PKCS#11 module name.
connections.<conn>.remote<suffix>.ca_id =
Identity in CA certificate to accept for authentication.
The specified identity must be contained in one (intermediate) CA
of the remote peer trustchain, either as subject or as subjectAltName.
This has the same effect as specifying _cacerts_ to force clients under
a CA to specific connections; it does not require the CA certificate to
be available locally, and can be received from the peer during the
IKE exchange.
connections.<conn>.remote<suffix>.pubkeys =
Comma separated list of raw public keys to accept for authentication.
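Review bot: the new ca_id paragraph should state explicitly that the matching CA certificate must still be part of a trust chain validated against a locally trusted root, because the last two sentences ("it does not require the CA certificate to be available locally, and can be received from the peer during the IKE exchange") can be read as if a peer-supplied intermediate with a matching subject or subjectAltName is trusted on its own. A sentence such as "The identity only constrains which validated trustchains are accepted; the chain must still terminate in a locally trusted CA" would remove that ambiguity. Two smaller points: the reference to _cacerts_ would be clearer if spelled out as the full option path, as the surrounding entries do (e.g. connections.<conn>.remote<suffix>...), and "Identity in CA certificate" reads better as "Identity in a CA certificate".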