I suspect they're just fighting over the same policy bit?
It comes up as I'm trying to get my brain around things like the else
clause in:
if (!LIN(POLICY_ALLOW_NO_SAN, c->policy)) {
diag_t d = diag("X509: connection failed
due to unmatched IKE ID in certificate SAN");
llog_diag(RC_LOG, ike->sa.st_logger, &d,
"%s", "");
must_switch = true;
} else {
log_state(RC_LOG, &ike->sa, "X509:
connection allows unmatched IKE ID and certificate SAN");
}
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
