strongswan

Commit Graph

Author	SHA1	Message	Date
Martin Willi	d1317adb9a	addrblock: Support an optional non-strict mode accepting certs without addrblock This allows a gateway to enforce the addrblock policy on certificates that actually have the extension only. For (legacy) certificates not having the extension, traffic selectors are validated/narrowed by other means, most likely by the configuration.	2017-03-02 08:24:02 +01:00

Author

SHA1

Message

Date

Martin Willi

d1317adb9a

addrblock: Support an optional non-strict mode accepting certs without addrblock

This allows a gateway to enforce the addrblock policy on certificates that
actually have the extension only. For (legacy) certificates not having the
extension, traffic selectors are validated/narrowed by other means, most
likely by the configuration.

2017-03-02 08:24:02 +01:00

1 Commits