[strongSwan-dev] query on peer (remote) certificate validation

SIMON BABY simonkbaby at gmail.com
Tue Dec 8 17:33:26 CET 2020


Thank you Tobias. Is there a way I could get the failure notification in my
application? My application is using vici interface.

Regards
Simon

On Tuesday, December 8, 2020, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Simon,
>
> > I will change the remote certificate key usage value to something not
> > compliant with RFC 4945.
>
> Compliance with RFC 4945 is already enforced since 5.6.3 [1].
> Authentication will fail for non-compliant peer certificates.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/versions/69
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20201208/bed5960e/attachment.html>


More information about the Dev mailing list