[strongSwan-dev] getting to peer certificate from ike_sa_t in a eap-tls connection

Sach K sacho.polo at gmail.com
Thu Nov 29 17:38:42 CET 2018


Thanks for the pointers. I will investigate further.

regards,
sk

On Thu, Nov 29, 2018 at 12:15 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi,
>
> > Is there any other way to get to tls_peer_t from the updown_listener.c ?
>
> No, there is no easy way to do that.  It's also not that easy to patch
> tls_peer_t because it has no access to the daemon (it's implemented in
> libtls).  So you'd have to extend tls_peer_t, tls_t and tls_eap_t to
> somehow get the auth_cfg_t or the certificate in eap_tls_t and then
> either merge that with the auth config of the IKE_SA or store that
> information somewhere else (e.g. via lib->set) so it can be retrieved in
> the updown listener.
>
> Regards,
> Tobias
>