ikev2: Add an option to disable constraints against signature schemes
authorTobias Brunner <tobias@strongswan.org>
Fri, 27 Feb 2015 17:45:56 +0000 (18:45 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 4 Mar 2015 12:54:11 +0000 (13:54 +0100)
commitb67ae0f89cbbbbbef1af1bdf93e4b59d2c5c37a0
tree4ad4243af391fe774eb506c3c53d8ce2fb96d782
parent31bccf4ba155964a238e9c88e1d38f41b82f7183
ikev2: Add an option to disable constraints against signature schemes

If this is disabled the schemes configured in `rightauth` are only
checked against signature schemes used in the certificate chain and
signature schemes used during IKEv2 are ignored.

Disabling this could be helpful if existing connections with peers that
don't support RFC 7427 use signature schemes in `rightauth` to verify
certificate chains.
conf/options/charon.opt
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c