CVSROOT: /cvs Module name: src Changes by: to...@cvs.openbsd.org 2020/03/24 13:11:46
Modified files: sbin/iked : ca.c Log message: Make our CERTREQ payload handling less strict. If we can not find a certificate or key matching the trust anchor sent in the CERTREQ, find any certificate matching the peers ID or use the own public key. The CERTRQ contentss should only be interpreted as a hint on what the peer supports. It may still accept our certificate/key if it does not match the CERTREQ. ok markus@