Feature #5244
closed
Allow configuring both leftca and rightca
Added by Chris Buechler over 8 years ago.
Updated over 8 years ago.
Description
A second CA field should be added to vpn_ipsec_phase1.php so both leftca and rightca are user-configurable.
- Subject changed from Allow configuring leftca to Allow configuring both leftca and rightca
- Description updated (diff)
- Assignee set to Matthew Smith
Assigned to Matt, but if it doesn't get fixed for 2.3, I'm not bothered.
- Status changed from New to Feedback
I don't think that this needs to be done. There is an existing field to select a server certificate which dictates which certificate will be used on the left/local endpoint. That selection implicitly defines what the left CA will be, because when the certificate is defined, the CA will be whatever CA signed that certificate.
One of the main developers of the strongswan project confirmed this in a mailing list post from a few years ago - https://lists.strongswan.org/pipermail/users/2010-July/000545.html - "Defining a local CA does not make much sense, as you usually specify the certificate (and implicitly its trust chain) directly."
I'm moving the ticket to feedback. I think it's appropriate to leave things as they are. Chris, Jim - let me know if you disagree.
- Status changed from Feedback to Closed
- Target version deleted (
2.3)
Agree, this is unnecessary since it's implied.
Also available in: Atom
PDF