CVSROOT: /cvs
Module name: src
Changes by: to...@cvs.openbsd.org 2020/03/24 13:11:46
Modified files:
sbin/iked : ca.c
Log message:
Make our CERTREQ payload handling less strict. If we can not find a
certificate or key matching the trust anchor sent in the CERTREQ, find
any certificate matching the peers ID or use the own public key.
The CERTRQ contentss should only be interpreted as a hint on what the
peer supports. It may still accept our certificate/key if it does
not match the CERTREQ.
ok markus@
