[strongSwan] Reason for certificate rejects
Martin Willi
martin at strongswan.org
Fri Nov 18 14:48:40 CET 2011
Hello Mugur,
>
> Is there any way to inform an application about an authentication
> failure due to a certificate rejected by the CRL (or inability to
> fetch the CRL)?
Revocation reasons are currently logged only. Extending the revocation
plugin to store revocation reasons is not that hard; we could save this
information on the resulting auth_cfg_t. Then you could access these
bits from any plugin and do whatever you want with it, for example send
it to an external application.
> Are there some specific variables in the updown script specifying the
> exact rejection reason?
No, the updown script does not have this information.
Regards
Martin