man: Fix documentation of pubkey constraints
Hash algorithms have to be repeated for multiple key types. References #2514.
This commit is contained in:
parent
bb58dfb9b5
commit
e698bdea24
|
@ -609,9 +609,10 @@ To limit the acceptable set of hashing algorithms for trustchain validation,
|
|||
append hash algorithms to
|
||||
.BR pubkey
|
||||
or a key strength definition (for example
|
||||
.BR pubkey-sha1-sha256
|
||||
.BR pubkey-sha256-sha512 ,
|
||||
.BR rsa-2048-sha256-sha384-sha512 ,
|
||||
or
|
||||
.BR rsa-2048-ecdsa-256-sha256-sha384-sha512 ).
|
||||
.BR rsa-2048-sha256-ecdsa-256-sha256-sha384 ).
|
||||
Unless disabled in
|
||||
.BR strongswan.conf (5),
|
||||
or explicit IKEv2 signature constraints are configured (see below), such key
|
||||
|
|
|
@ -587,8 +587,9 @@ connections.<conn>.remote<suffix>.auth = pubkey
|
|||
key type followed by the minimum strength in bits (for example _ecdsa-384_
|
||||
or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms
|
||||
for trustchain validation, append hash algorithms to _pubkey_ or a key
|
||||
strength definition (for example _pubkey-sha1-sha256_ or
|
||||
_rsa-2048-ecdsa-256-sha256-sha384-sha512_).
|
||||
strength definition (for example _pubkey-sha256-sha512_,
|
||||
_rsa-2048-sha256-sha384-sha512_ or
|
||||
_rsa-2048-sha256-ecdsa-256-sha256-sha384_).
|
||||
Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature
|
||||
constraints are configured (refer to the description of the **local**
|
||||
section's **auth** keyword for details), such key types and hash algorithms
|
||||
|
|
Loading…
Reference in New Issue