strongswan

sharpetronics/strongswan

Fork 0

mirror of https://github.com/strongswan/strongswan.git synced 2025-11-15 00:01:42 -05:00

Commit Graph

Author	SHA1	Message	Date
Martin Willi	f95d512251	testing: Use identity based CA restrictions in rw-hash-and-url-multi-level This is a prominent example where the identity based CA constraint is benefical. While the description of the test claims a strict binding of the client to the intermediate CA, this is not fully true if CA operators are not fully trusted: A rogue OU=Sales intermediate may issue certificates containing a OU=Research. By binding the connection to the CA, we can avoid this, and using the identity based constraint still allows moon to receive the intermediate over IKE or hash-and-url.	2019-12-06 10:07:47 +01:00
Tobias Brunner	91dabace11	testing: Add scenario with hash-and-URL encoding for intermediate CA certificates	2019-11-26 11:12:26 +01:00

Author

SHA1

Message

Date

Martin Willi

f95d512251

testing: Use identity based CA restrictions in rw-hash-and-url-multi-level

This is a prominent example where the identity based CA constraint is
benefical. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing a OU=Research.

By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.

2019-12-06 10:07:47 +01:00

Tobias Brunner

91dabace11

testing: Add scenario with hash-and-URL encoding for intermediate CA certificates

2019-11-26 11:12:26 +01:00

2 Commits