[strongSwan] Adding subjectAltNames to the on demand certificates generated during load testing

Martin Willi martin at strongswan.org
Tue May 22 10:29:58 CEST 2012


Hi Naren,

> The Client certificates are generated on demand signed by the CA
> certificate ( load_tester_creds.c file ). How can i add the
> subjectAltName to these on demand certificates ? Is there any
> configuration file ? or do i need to make alterations in the code ? 

No, there is no such configuration option. You'd have to extend the
sources of load tester.

> I know that the subjectAltName can only be added in the openssl.cnf
> file before generating the certificate. So how can i make the on
> demand certificates to read from my openssl.cnf file ? 

Load tester does not use OpenSSL to generate the certificate, but our
own routines from libstrongswan. To add additional attributes to client
certificates, pass BUILD_* arguments to [1]. See [2] and [3] to read
more about how the credential building facility works.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_creds.c#l251
[2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_factory.h
[3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/builder.h






More information about the Users mailing list