On Tue, Apr 09, 2002 at 06:57:18PM +0200, Lupe Christoph wrote:
> On Tuesday, 2002-04-09 at 08:50:18 -0400, Andrew Pimlott wrote:
> > You can save yourself this step: use a leftcert pointing to your
> > certificate, and you don't need the leftid. Reduces redundancy, and
> > avoids having that huge long line in your config file!
>
> Hmm. It would be nice if the manpage for ipsec.conf had been
> patched to mention this...
ipsec.conf(5) doesn't mention certificates at all, since they're not
a part of standard freeswan, and the x509 project doesn't supply a
patched man page. I gather that integrating x509 into standard
freeswan is not on anyone's short-term agenda, alas.
But if you read /usr/share/doc/freeswan/README.x509.gz , in section
4.6 it says
If no rightid or leftid entry is present then the subject
distinguished name contained in the certificate is taken as the
ID.
I missed this the first time through, but someone on the mailing
list mentioned it.
Andrew
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
