addrblock: Support an optional non-strict mode accepting certs without addrblock
authorMartin Willi <martin@strongswan.org>
Wed, 22 Feb 2017 08:43:31 +0000 (09:43 +0100)
committerMartin Willi <martin@strongswan.org>
Thu, 2 Mar 2017 07:24:02 +0000 (08:24 +0100)
commitd1317adb9a45166cdc8f44117a5fa85ecd053552
treec8e856c9269fc1f00b8e6122f973f52f20bf8901
parentda82786b2d8cef68ca6462bf7898a6b19c0b4608
addrblock: Support an optional non-strict mode accepting certs without addrblock

This allows a gateway to enforce the addrblock policy on certificates that
actually have the extension only. For (legacy) certificates not having the
extension, traffic selectors are validated/narrowed by other means, most
likely by the configuration.
conf/Makefile.am
conf/plugins/addrblock.opt [new file with mode: 0644]
src/libcharon/plugins/addrblock/addrblock_validator.c