(legacy/ipsec) fixes for certref, caref, trust config data instead of reengineering authentication_method again...