[strongSwan-dev] query on peer (remote) certificate validation

SIMON BABY simonkbaby at gmail.com
Fri Dec 4 18:26:55 CET 2020


Hello Tobias,
Thank you for the response.

I am specifically looking to interface my application with charon to get
a notification of a failure in the case where parsing of a remote
certificate failed for the key usage extension. Our application uses VICI to pass
configuration information to charon.
I

Regards
Simon

On Fri, Dec 4, 2020 at 12:31 AM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Simon,
>
> > Does this function
> > validate the peer (remote) certificate extensions or validate only local
> > certificate extensions?
>
> Validate in what way?  Basically, as the name implies, it parses X.509
> extensions so they can be accessed via the getters and enumerators of
> the x509_t interface.  It does this for any certificate that's parsed,
> local or remote.
>
> > For validating the peer certificate extensions, do we have any specific
> > configuration parameter to enable, or will it do so by default?
>
> Again, validating what exactly?
>
> Regards,
> Tobias
>