[strongSwan-dev] Get remote certificate in authorize hook

Guillaume DEBROS guillaume.debros at stormshield.eu
Wed Sep 23 11:52:47 CEST 2015

While I code plugin to confront peer identity to the ldap, in case of pubkey authent, during ike_sa establishment I parsed certificate in order to store a ldap identifier in private_x509.
In authorize hook, I tried to get cert in order to authorize or not IPSEC SA, using peer_cfg and enumerate auth_cfg (remote)
but documentation says "Create an enumerator over added authentication rounds. @param local TRUE for own rules, FALSE for others constraints" and effectively I can read local certx509 but I'm unable to get "(auth, AUTH_RULE_SUBJECT_CERT)" it always return NULL.
How can I get the struct certificate_t used by the remote in authorize hook?


Guillaume DEBROS

More information about the Dev mailing list