Project

General

Profile

Bug #5243

only CAs specified in a P1 should be written out to cacerts

Added by Chris Buechler about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
IPsec
Target version:
Start date:
10/02/2015
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.2.x
Affected Architecture:

Description

Currently all CA certs are written out to ipsec.d/cacerts/ where that should only be CAs specified on a P1 in the configuration.

Associated revisions

Revision c345288b (diff)
Added by Matthew Smith about 4 years ago

Limit strongswan trusted CA certificates to those required for authentication of
the configured IPsec SA's instead of trusting all known CA's. Fixes #5243.

Revision 9d8f66b9 (diff)
Added by Matthew Smith about 4 years ago

Limit strongswan trusted CA certificates to those required for authentication of
the configured IPsec SA's instead of trusting all known CA's. Fixes #5243.

History

#1 Updated by Jim Thompson about 4 years ago

  • Assignee set to Matthew Smith

#2 Updated by Matthew Smith about 4 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#4 Updated by Chris Buechler about 4 years ago

  • Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF