[strongSwan-dev] getting to peer certificate from ike_sa_t in a eap-tls connection

Tobias Brunner tobias at strongswan.org
Thu Nov 29 09:15:30 CET 2018


> Is there any other way to get to tls_peer_t from the updown_listener.c ?

No, there is no easy way to do that.  It's also not that easy to patch
tls_peer_t because it has no access to the daemon (it's implemented in
libtls).  So you'd have to extend tls_peer_t, tls_t and tls_eap_t to
somehow get the auth_cfg_t or the certificate in eap_tls_t and then
either merge that with the auth config of the IKE_SA or store that
information somewhere else (e.g. via lib->set) so it can be retrieved in
the updown listener.


More information about the Dev mailing list