author | Andreas Oberritter <obi@saftware.de> | 2010-07-29 11:45:06 +0000 |
---|---|---|
committer | Andreas Oberritter <obi@saftware.de> | 2010-08-10 11:10:34 +0000 |
commit | 4c7533e7bbe7f25e4ec3afd8325570b04687e846 (patch) | |
tree | 5bf1f387b44da3f06c829fd2c925bd0039b4441c | |
parent | 4fe3597dce855ea199afa239498c9c1833a6fe48 (diff) | |
Use IDTYPE_ASN1DN when using certificates.
When using certificates, the server (racoon) checks whether the subjectAltName
matches the given identifier. Using the address as identifier is therefore
impossible for roadwarriors. Using the certificate's DN looks like a reasonable
alternative.
Change-Id: I9ed81478dc115276c807329228b2f9dfd4957b74
-rw-r--r-- | setup.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -261,6 +261,7 @@ void setup(int argc, char **argv) pre_shared_key = argv[3]; auth = OAKLEY_ATTR_AUTH_METHOD_PSKEY; } else { + remoteconf.idvtype = IDTYPE_ASN1DN; remoteconf.myprivfile = argv[3]; remoteconf.mycertfile = argv[4]; remoteconf.cacertfile = argv[5]; |
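Review bot: The added `remoteconf.idvtype = IDTYPE_ASN1DN;` line in the else branch sets only the identifier type, and nothing visible in this hunk sets a matching identifier value. Please confirm that the DN sent to the peer is taken from `remoteconf.mycertfile` and is not left empty or stale. A one-line comment on the assignment stating why the address cannot be used as the identifier in certificate mode (the subjectAltName check described in the commit message) would keep that reasoning next to the code. The PSK branch above does not touch `idvtype` in the visible lines, so the two branches now differ in identifier type implicitly. An explicit assignment or a comment in the PSK branch would make that difference deliberate.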