[strongSwan] Adding subjectAltNames to the on demand certificates generated during load testing

Narendra K A naren.ka at gmail.com
Wed May 23 10:32:19 CEST 2012


Thank you for the inputs Martin,

I tried adding * BUILD_SUBJECT_ALTNAMES, "DNS:iprc.nlt.in", * to the
load_tester_creds.c file as u told but i am getting the following error
from the DMN

May 23 13:59:53 localhost charon: 09[DMN] thread 9 received 11
May 23 13:59:54 localhost charon: 09[DMN] killing ourself, received
critical signal

And also i have one more problem from the beginning... ipsec is not reading
any configuration from the ipsec.conf file. If i add rightid or leftid
parameters in the ipsec.conf it is not reflecting the the detailed log
/var/log/messags. Only it is reading from the ""config setup"" section not
from the ""conn %default"" section. Can you please tell me what might be
the problem  ?

Regards,
Naren

On Tue, May 22, 2012 at 1:59 PM, Martin Willi <martin at strongswan.org> wrote:

> Hi Naren,
>
> > The Client certificates are generated on demand signed by the CA
> > certificate ( load_tester_creds.c file ). How can i add the
> > subjectAltName to these on demand certificates ? Is there any
> > configuration file ? or do i need to make alterations in the code ?
>
> No, there is no such configuration option. You'd have to extend the
> sources of load tester.
>
> > I know that the subjectAltName can only be added in the openssl.cnf
> > file before generating the certificate. So how can i make the on
> > demand certificates to read from my openssl.cnf file ?
>
> Load tester does not use OpenSSL to generate the certificate, but our
> own routines from libstrongswan. To add additional attributes to client
> certificates, pass BUILD_* arguments to [1]. See [2] and [3] to read
> more about how the credential building facility works.
>
> Regards
> Martin
>
> [1]
> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/load_tester/load_tester_creds.c#l251
> [2]
> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_factory.h
> [3]
> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/builder.h
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120523/12f3b115/attachment.html>


More information about the Users mailing list