[strongSwan-dev] Getting raw certificate from authorize hook
Sriram Yagnaraman
sriram.yagnaraman at ericsson.com
Wed May 24 16:20:53 CEST 2017
Hi,
I guess this should do the trick in authorize.
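METHOD(listener_t, authorize, bool, private_ike_alarm_t *this,
	ike_sa_t *ike_sa, bool final, bool *success)
{
	enumerator_t *auth_enumerator;
	auth_cfg_t *peer_auth_cfg;
	certificate_t *peer_cert;
	chunk_t cert_pem; // will hold the peer's raw certificate.

	// FALSE selects the remote (peer) authentication configs.
	auth_enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE);
	if (auth_enumerator->enumerate(auth_enumerator, &peer_auth_cfg)) {
		peer_cert = peer_auth_cfg->get(peer_auth_cfg, AUTH_HELPER_SUBJECT_CERT);
		if (peer_cert) {
			cert_pem = chunk_empty;
			// get_encoding() takes a pointer to the chunk and allocates the encoding.
			if (peer_cert->get_encoding(peer_cert, CERT_PEM, &cert_pem)) {
				// ... use cert_pem.ptr / cert_pem.len here ...
				chunk_free(&cert_pem);
			}
		}
	}
	auth_enumerator->destroy(auth_enumerator);
	return TRUE; // keep the listener registered
}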
/Sriram
-----Original Message-----
From: Dev [mailto:dev-bounces at lists.strongswan.org] On Behalf Of Emeric POUPON
Sent: 24 May 2017 16:05
To: dev at lists.strongswan.org
Subject: [strongSwan-dev] Getting raw certificate from authorize hook
Hello,
Is there a way to get the peer's raw certificate during the authorize hook?
The idea would be to perform extra checks on the firmware using an external tool.
Maybe using a cert_validator hook?
Regards,
Emeric
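One way to hand the PEM bytes from the hook above (cert_pem.ptr, cert_pem.len) to the external tool the question mentions, failing closed so that a 0 result would set *success = FALSE. This is an added example, not code from the thread or from strongSwan; the name check_cert_external and the `tool <pem-file>` calling convention are assumptions, and it uses plain POSIX calls so it builds outside charon.

```c
/* Added example, not strongSwan code. Assumed convention: the checker is run
 * as `tool <pem-file>` and exits 0 to accept the certificate. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <spawn.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Returns 1 only if the tool ran and exited with status 0. Every failure
 * (temp file, short write, spawn error, signal, non-zero exit) returns 0. */
int check_cert_external(const char *tool, const unsigned char *pem, size_t len)
{
	char path[] = "/tmp/peer-cert-XXXXXX";
	char *argv[] = { (char *)tool, path, NULL };
	size_t off = 0;
	pid_t pid, r;
	int fd, status = 0, ok = 0;

	fd = mkstemp(path);	/* mode 0600, unpredictable name */
	if (fd < 0)
		return 0;
	while (off < len) {
		ssize_t n = write(fd, pem + off, len - off);
		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			break;
		off += (size_t)n;
	}
	if (close(fd) != 0 || off != len)
		goto out;
	/* argv vector, no shell: peer-supplied bytes never reach a command line */
	if (posix_spawnp(&pid, tool, NULL, NULL, argv, environ) != 0)
		goto out;
	do {
		r = waitpid(pid, &status, 0);
	} while (r < 0 && errno == EINTR);
	ok = (r == pid) && WIFEXITED(status) && WEXITSTATUS(status) == 0;
out:
	unlink(path);
	return ok;
}
```

The call blocks until the tool exits, so the IKE_SA waits on it for as long as the check runs.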