[strongSwan-dev] query on peer (remote) certificate validation

Tobias Brunner tobias at strongswan.org
Fri Dec 4 09:31:44 CET 2020

Hi Simon,

> Does this function
> validate the peer (remote) certificate extensions or validate only local
> certificate extensions?

Validate in what way?  Basically, as the name implies, it parses X.509
extensions so they can be accessed via the getters and enumerators of
the x509_t interface.  It does this for any certificate that's parsed,
local or remote.

> For validating the peer certificate extensions,  do we have any specific
> configuration parameter to enable or it will do by default?

Again, validating what exactly?


More information about the Dev mailing list