[strongSwan-dev] Getting raw certificate from authorize hook
Tobias Brunner
tobias at strongswan.org
Wed May 24 16:21:37 CEST 2017
Hi Emeric,
> Is there a way to get the peer's raw certificate during the authorize hook?
Sure, have a look at the certexpire plugin, or the tkm_listener.
> Maybe using a cert_validator hook?
Different thing (it's called during the validation of individual
certificates, the authorize hook, on the other hand, after each or all
authentication rounds are finished) but could be used too depending on
the use case. Examples may be found in the addrblock, coupling,
constraints and, of course, revocation plugins.
Regards,
Tobias
More information about the Dev
mailing list