[strongSwan-dev] getting to peer certificate from ike_sa_t in a eap-tls connection

Tobias Brunner tobias at strongswan.org
Thu Nov 29 09:15:30 CET 2018


Hi,

> Is there any other way to get to tls_peer_t from the updown_listener.c ?

No, there is no easy way to do that.  It's also not that easy to patch
tls_peer_t because it has no access to the daemon (it's implemented in
libtls).  So you'd have to extend tls_peer_t, tls_t and tls_eap_t to
somehow get the auth_cfg_t or the certificate in eap_tls_t and then
either merge that with the auth config of the IKE_SA or store that
information somewhere else (e.g. via lib->set) so it can be retrieved in
the updown listener.

Regards,
Tobias

