Actions
Feature #5195
closednlsr.conf: accommodate certificate name in KeyLocator
Start date:
Due date:
% Done:
100%
Estimated time:
1.00 h
Description
Currently, several validation rules in nlsr.conf
sample are written as:
key-locator
{
type name
hyper-relation
{
k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><>$
k-expand \\1
h-relation equal
p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><><><>$
p-expand \\1
}
}
This means, the validator can only accept a packet if its KeyLocator contains key name, but would reject the packet if its KeyLocator contains certificate name.
Since #5112, KeyLocator would contain certificate name. Additionally, legacy client may continue to send KeyLocator with key name.
Thus, this rule should be relaxed to accept either key name or certificate name as KeyLocator.
Updated by Junxiao Shi over 2 years ago
- Related to Feature #5112: Include certificate name in KeyLocator added
Updated by Junxiao Shi over 2 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 100
Updated by Junxiao Shi over 2 years ago
- Status changed from In Progress to Closed
Actions