[strongSwan-dev] getting to peer certificate from ike_sa_t in a eap-tls connection

Sach K sacho.polo at gmail.com
Thu Nov 29 07:40:21 CET 2018


Thank you Tobias for the reply.
Is there any other way to get to tls_peer_t from the updown_listener.c ?

regards,
-sk

On Wed, Nov 28, 2018 at 2:39 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi,
>
> > Is there a way to get to the peer's certificate from an ike_sa_t pointer
> > for an eap-tls connection.
>
> No, there isn't.  The auth_cfg_t used in the TLS library (tls_peer_t,
> via eap-tls plugin), which stores the certificate, is never merged with
> that used for IKE.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20181128/661acc4d/attachment.html>


More information about the Dev mailing list