Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

relax CA constraints for client (the client equivalent of PR #1675) #1768

Merged
merged 2 commits into from
Apr 18, 2020
Merged

relax CA constraints for client (the client equivalent of PR #1675) #1768

merged 2 commits into from
Apr 18, 2020

Conversation

aleks-mariusz
Copy link
Contributor

@aleks-mariusz aleks-mariusz commented Apr 6, 2020
edited
Loading

Description

Per @jackivanov in #1675 ca constraints are relaxed in server side, and per his comment it is needed to be done on client side as well.

This PR implements these changes in the client ansible-role.

Motivation and Context

fixes #1758 and #1745

How Has This Been Tested?

tested by running included deploy-client playbook

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • [] My change requires a change to the documentation.
  • [] I have updated the documentation accordingly.
  • [] I have added tests to cover my changes.
  • All new and existing tests passed.

@aleks-mariusz aleks-mariusz mentioned this pull request Apr 6, 2020
Closed
@CLAassistant
Copy link

CLAassistant commented Apr 6, 2020
edited
Loading

CLA assistant check)
All committers have signed the CLA.

@aleks-mariusz
Copy link
Contributor Author

Seems i've mistakenly hard-coded the path to the destination (output) file, from the line before it, it appears in the test environment that /etc/strongswan is not being used (and i should probably be using {{ configs_prefix }} anyway), i'll re-submit with the use of that instead but if this set up isn't using strongswan then i could use some advice where this file should go (or if it needs to be implemented another way entirely)

@jackivanov jackivanov merged commit 4f1b927 into trailofbits:master Apr 18, 2020
@jackivanov
Copy link
Collaborator

Thanks!

davedittrich pushed a commit to davedittrich/algo that referenced this pull request Sep 25, 2020
@aleks-mariusz @davedittrich
relax CA constraints for client (the client equivalent of PR trailofb…
dccd207 
…its#1675) (trailofbits#1768)

* relax CA constraints for client (the client equivalent of PR trailofbits#1675)

* fixing incorrectly hard-coded output file path
foodneutrino pushed a commit to foodneutrino/algo that referenced this pull request Sep 19, 2021
@aleks-mariusz @foodneutrino
relax CA constraints for client (the client equivalent of PR trailofb…
baf745d 
…its#1675) (trailofbits#1768)

* relax CA constraints for client (the client equivalent of PR trailofbits#1675)

* fixing incorrectly hard-coded output file path
@cjac
Copy link

cjac commented Jan 6, 2023

Hello friends, is this still relavent?

@cjac
Copy link

cjac commented Jan 6, 2023

oh, it was merged! Sorry I missed that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Loading of cacert.pem fails in strongSwan due to X509v3 Name Constraints
4 participants
@aleks-mariusz @CLAassistant @jackivanov @cjac