Feature #5195
Closed
nlsr.conf: accommodate certificate name in KeyLocator
Start date:
Due date:
% Done: 100%
Estimated time: 1.00 h
Description
Currently, several validation rules in nlsr.conf sample are written as:
    key-locator
    {
      type name
      hyper-relation
      {
        k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><>$
        k-expand \\1
        h-relation equal
        p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><><><>$
        p-expand \\1
      }
    }
This means the validator can only accept a packet if its KeyLocator contains a key name, but would reject the packet if its KeyLocator contains a certificate name.
Since #5112, the KeyLocator would contain a certificate name. Additionally, legacy clients may continue to send a KeyLocator with a key name.
Thus, this rule should be relaxed to accept either a key name or a certificate name as the KeyLocator.
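The effect of the rule above, as an added example (a simplified Python model of the hyper-relation check, not NLSR or ndn-cxx code). The sample names are constructed, and the relaxed form, which allows either one or three components after KEY, is an assumption about what "relaxed" could mean, not the change made for this issue.

```python
# Simplified model of the k-regex / p-regex pair quoted in the description.
# Names are treated as lists of components; <> matches any one component.

def components(uri):
    return [c for c in uri.split("/") if c]

def capture_prefix(uri, marker, tail_lengths):
    """Model of ^([^<KEY><marker>]*)<marker>[^<KEY>]*<KEY><>...$

    Returns the captured group (components before the marker), or None if
    the name does not match. tail_lengths is the set of allowed component
    counts after <KEY>: 1 for a key name, 3 for a certificate name.
    """
    comps = components(uri)
    if marker not in comps:
        return None
    m = comps.index(marker)
    prefix, rest = comps[:m], comps[m + 1:]
    if "KEY" in prefix or "KEY" not in rest:
        return None
    tail = rest[rest.index("KEY") + 1:]
    return prefix if len(tail) in tail_lengths else None

def key_locator_ok(locator, packet, key_tail_lengths):
    """h-relation equal: both expansions must exist and be identical."""
    k = capture_prefix(locator, "%C1.Operator", key_tail_lengths)
    p = capture_prefix(packet, "%C1.Router", {3})
    return k is not None and k == p

CURRENT_RULE = {1}      # <KEY><>$ as written in the sample
RELAXED_RULE = {1, 3}   # assumed relaxed form: key name or certificate name

# Constructed sample names (not taken from a real deployment).
PACKET = "/ndn/example/%C1.Router/r1/KEY/k2/NA/v1"
KEY_NAME = "/ndn/example/%C1.Operator/op/KEY/k1"
CERT_NAME = "/ndn/example/%C1.Operator/op/KEY/k1/NA/v1"
OTHER_SITE = "/ndn/other/%C1.Operator/op/KEY/k1/NA/v1"

if __name__ == "__main__":
    for label, rule in (("current", CURRENT_RULE), ("relaxed", RELAXED_RULE)):
        for loc in (KEY_NAME, CERT_NAME, OTHER_SITE):
            print(label, loc, key_locator_ok(loc, PACKET, rule))
```

Under the model, relaxing only the tail length keeps the prefix comparison intact, so a locator from a different site is still rejected.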