From 4f1b9270be99f2323d13ec42a6276bb522037361 Mon Sep 17 00:00:00 2001
From: aleks
Date: Sat, 18 Apr 2020 15:03:29 +0100
Subject: [PATCH] relax CA constraints for client (the client equivalent of PR #1675) (#1768)

* relax CA constraints for client (the client equivalent of PR #1675)
* fixing incorrectly hard-coded output file path
---
 roles/client/files/libstrongswan-relax-constraints.conf | 5 +++++
 roles/client/tasks/main.yml | 8 ++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 roles/client/files/libstrongswan-relax-constraints.conf
diff --git a/roles/client/files/libstrongswan-relax-constraints.conf b/roles/client/files/libstrongswan-relax-constraints.conf
new file mode 100644
index 0000000..26dc19a
--- /dev/null
+++ b/roles/client/files/libstrongswan-relax-constraints.conf
@@ -0,0 +1,5 @@
+libstrongswan {
+ x509 {
+ enforce_critical = no
+ }
+}
diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml
index a2be955..bc7a221 100644
--- a/roles/client/tasks/main.yml
+++ b/roles/client/tasks/main.yml
@@ -53,6 +53,14 @@
 notify:
 - restart strongswan
 
+- name: Configure libstrongswan to relax CA constraints
+ copy:
+ src: libstrongswan-relax-constraints.conf
+ dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf"
+ owner: root
+ group: root
+ mode: 0644
+
 - name: Setup the certificates and keys
 template:
 src: "{{ item.src }}"
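Review bot: `enforce_critical = no` is installed without any comment, and because it sits under `libstrongswan { x509 { … } }` it is not scoped to one connection: every certificate this client's strongSwan validates will be accepted even when it carries a critical extension the x509 plugin does not understand. The file should state why the relaxation is needed and what it gives up, for example `# Accept certificates whose critical extensions strongSwan cannot parse (presumably required by this role's CA, see PR #1675); this weakens X.509 validation for all connections on this host.` If clients may run other strongSwan connections on the same machine, that side effect also belongs in the role's documentation.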
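Review bot: The new copy task has no `notify`, unlike the task directly above it in this hunk, so when only relax-ca-constraints.conf changes (for instance on a re-run against an already configured client) strongSwan keeps running with the previous setting. Add `notify:` followed by `- restart strongswan` to the task, assuming the handler named in the context lines is the one that reloads this configuration. Separately, `mode: 0644` depends on the YAML loader reading a leading-zero integer as octal; `mode: "0644"` is the unambiguous form.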