On Tue, Oct 9, 2012 at 1:23 PM, Reyk Floeter <r...@openbsd.org> wrote:
> Hi,
>
> the iked.conf(5) manpage says: "If srcid is omitted, the default is to
> use the hostname of the local machine, see hostname(1) to set or print
> the hostname." This was true but I broke it with a commit about two
> years ago :(
>
> The following diff tells ikev2_policy2id() in ca_setreq() that it's
> dealing with a srcid that needs to be obtained from the local hostname
> if empty (setting the srcid parameter to 1). This code is called
> after receiving a CERTREQ from the peer: The peer gives us a list of
> SHA1 hashes of accepted CAs and we look up a matching host certificate
> that is signed by one of these CAs and includes a subjectAltName field
> that matches our srcid.
>
> This should unbreak some configurations with OpenBSD as the initiator.
>
> OK?
>

OK

> Reyk
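
The CERTREQ lookup described in the quoted message, as an added example that is not part of the thread and is not iked's code: it selects a host certificate whose signing CA is in the peer's hash list and whose subjectAltName matches the srcid, falling back to the hostname when srcid is empty. `struct host_cert`, `select_cert()` and the sample data are hypothetical and constructed for illustration; the subjectAltName is modelled as a plain string.

```c
#define _POSIX_C_SOURCE 200112L	/* gethostname(), strcasecmp() */
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#define CA_HASH_LEN 20	/* SHA1 digest length */

/* Hypothetical, simplified view of one local host certificate. */
struct host_cert {
	unsigned char issuer_hash[CA_HASH_LEN];	/* SHA1 identifying the signing CA */
	const char *san;			/* subjectAltName value */
};

/* Constructed sample data: a CERTREQ listing two CAs, and two local certs. */
static const unsigned char SAMPLE_CERTREQ[2 * CA_HASH_LEN] = { [0] = 0x11, [CA_HASH_LEN] = 0x22 };
static const struct host_cert SAMPLE_CERTS[] = {
	{ { 0x33 }, "gw.example.org" },	/* signed by a CA the peer did not list */
	{ { 0x22 }, "gw.example.org" },	/* signed by an accepted CA */
};

/*
 * Return the index of the first certificate signed by a CA named in the
 * CERTREQ (concatenated 20-byte hashes) whose subjectAltName matches the
 * srcid, or -1. An empty or missing srcid falls back to the hostname.
 */
int select_cert(const unsigned char *req, size_t len, const struct host_cert *certs,
    size_t ncerts, const char *srcid, const char *hostname)
{
	const char *id = (srcid != NULL && srcid[0] != '\0') ? srcid : hostname;
	size_t off, i;
	if (id == NULL || id[0] == '\0' || len % CA_HASH_LEN != 0)
		return -1;	/* no usable identity, or malformed hash list */
	for (off = 0; off < len; off += CA_HASH_LEN)
		for (i = 0; i < ncerts; i++)
			if (memcmp(req + off, certs[i].issuer_hash, CA_HASH_LEN) == 0 &&
			    strcasecmp(certs[i].san, id) == 0)
				return (int)i;
	return -1;
}

int main(void)
{
	char host[256] = "";
	gethostname(host, sizeof(host) - 1);	/* buffer stays NUL-terminated */
	printf("local hostname %s -> cert index %d\n", host,
	    select_cert(SAMPLE_CERTREQ, sizeof(SAMPLE_CERTREQ), SAMPLE_CERTS, 2, "", host));
	return 0;
}
```

With an empty srcid and no hostname fallback the function returns -1 even though a suitable certificate exists, which is the kind of failure the quoted message describes.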