mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
d1317adb9a
This allows a gateway to enforce the addrblock policy on certificates that actually have the extension only. For (legacy) certificates not having the extension, traffic selectors are validated/narrowed by other means, most likely by the configuration.
9 lines
421 B
Plaintext
9 lines
421 B
Plaintext
charon.plugins.addrblock.strict = yes
|
|
Whether to strictly require addrblock extension in subject certificates.
|
|
|
|
If set to yes, a subject certificate without an addrblock extension is
|
|
rejected if the issuer certificate has such an addrblock extension. If set
|
|
to no, subject certificates issued without the addrblock extension are
|
|
accepted without any traffic selector checks and no policy is enforced
|
|
by the plugin.
|