Am Die, 2003-08-05 um 10.49 schrieb Tim Sampson: > Hello > > How does freeswan with the x509 patch know who to trust? I assume I > have to have the client's certificate stored somewhere but I can't see > this in any of the tutorials I have read. FreeS/WAN needs the certificate of the CA used to sign the the client's certificate (/etc/ipsec.d/cacerts/). It can then check the signature of the client's certificate and will trust it when then check turns out to be ok.
Cheers, Ralf > Thanks > Tim -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection f�r Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
