[strongSwan-dev] query on peer (remote) certificate validation

Tobias Brunner tobias at strongswan.org
Tue Dec 8 09:29:15 CET 2020

Hi Simon,

> I will change the remote certificate key usage value to something not
> compliant with RFC 4945.

Compliance with RFC 4945 is already enforced since 5.6.3 [1].
Authentication will fail for non-compliant peer certificates.


[1] https://wiki.strongswan.org/versions/69

More information about the Dev mailing list