Feature #5244
closed
Allow configuring both leftca and rightca
0%
Description
A second CA field should be added to vpn_ipsec_phase1.php so both leftca and rightca are user-configurable.
Updated by Chris Buechler over 8 years ago
- Subject changed from Allow configuring leftca to Allow configuring both leftca and rightca
- Description updated (diff)
Updated by Jim Thompson over 8 years ago
- Assignee set to Matthew Smith
Assigned to Matt, but if it doesn't get fixed for 2.3, I'm not bothered.
Updated by Matthew Smith over 8 years ago
- Status changed from New to Feedback
I don't think that this needs to be done. There is an existing field to select a server certificate which dictates which certificate will be used on the left/local endpoint. That selection implicitly defines what the left CA will be, because when the certificate is defined, the CA will be whatever CA signed that certificate.
One of the main developers of the strongswan project confirmed this in a mailing list post from a few years ago - https://lists.strongswan.org/pipermail/users/2010-July/000545.html - "Defining a local CA does not make much sense, as you usually specify the certificate (and implicitly its trust chain) directly."
I'm moving the ticket to feedback. I think it's appropriate to leave things as they are. Chris, Jim - let me know if you disagree.
Updated by Chris Buechler over 8 years ago
- Status changed from Feedback to Closed
- Target version deleted (
2.3)
Agree, this is unnecessary since it's implied.