critical in nameConstraints lost after last refactoring

2025-08-02 19:03:04 +02:00 · 2020-01-21 13:01:54 +01:00 · 2020-01-21 13:01:54 +01:00 · d5e4964b32
commit d5e4964b32
parent c5cfe9268a
1 changed files with 1 additions and 1 deletions
--- a/roles/strongswan/defaults/main.yml
+++ b/roles/strongswan/defaults/main.yml
@ -17,7 +17,7 @@ subjectAltName: >-
  {%- if ipv6_support -%},IP:{{ ansible_default_ipv6['address'] }}{%- endif -%}
 subjectAltName_USER: "email:{{ item }}@{{ openssl_constraint_random_id }}"
 nameConstraints: >-
-  permitted;{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{{- '/255.255.255.255' if subjectAltName_type == 'IP' else '' -}}
+  critical,permitted;{{ subjectAltName_type }}:{{ IP_subject_alt_name }}{{- '/255.255.255.255' if subjectAltName_type == 'IP' else '' -}}
  {%- if subjectAltName_type == 'IP' -%}
  ,permitted;DNS:{{ openssl_constraint_random_id }}
  {%- else -%}