[strongSwan] How to use Strongswan 5.0.1 & Smartcard correctly?

Martin Willi martin at strongswan.org
Fri Oct 12 12:29:25 CEST 2012


> [[GR]] Ok, can you tell me where in the source the certificate
> selection takes place?

IKE asks for a private key for a given identity. The credential manager
looks for certificates for this identity, and an associated private key.
See [1].

> [[GR]] The "computed fingerprint" of what? 

SHA1 over the subjectPublicKey ASN.1 encoding (KEYID_PUBKEY_SHA1).

> 1 the certificate is selected using the first certificate that has a matching subject compared to leftid
> 2 the fingerprint of the associated public key is computed
> 3 from any private key, you compute the public key and compute the fingerprint of that public key
> 4 These fingerprints from 3 are compared to the fingerprint from 2 and the matching one is selected

Yes, that's correct.

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_manager.c;hb=HEAD#l1044
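
The four-step selection confirmed above, as an added Python sketch that is not part of the original mail and is not strongSwan code. It assumes the fingerprint is SHA1 over the contents of the subjectPublicKey BIT STRING without the unused-bits octet, and it reduces identity matching to exact string equality; the helper names, subjects, key labels and toy RSA moduli are constructed for illustration.

```python
import hashlib

def der_tlv(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_read(buf, off=0):
    """Return (tag, content, next_offset) of the TLV starting at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    else:
        length = first
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def keyid_pubkey_sha1(spki):
    """SHA1 over subjectPublicKey, taken from a DER SubjectPublicKeyInfo."""
    tag, body, _ = der_read(spki)
    _, _, off = der_read(body)              # skip AlgorithmIdentifier
    bit_tag, bits, _ = der_read(body, off)  # subjectPublicKey BIT STRING
    if tag != 0x30 or bit_tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("not a SubjectPublicKeyInfo")
    return hashlib.sha1(bits[1:]).digest()  # assumption: unused-bits octet excluded

def toy_rsa_spki(n, e=65537):
    """Constructed sample data: SubjectPublicKeyInfo for a toy RSA key."""
    integer = lambda v: der_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    alg = der_tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + der_tlv(0x30, integer(n) + integer(e))))

def find_private_key(leftid, certs, keys):
    """Steps 1-4: certs are (subject, spki); keys are (label, spki of derived public key)."""
    cert_spki = next((spki for subject, spki in certs if subject == leftid), None)
    if cert_spki is None:
        return None
    wanted = keyid_pubkey_sha1(cert_spki)
    return next((label for label, pub in keys if keyid_pubkey_sha1(pub) == wanted), None)

# Constructed values: toy moduli, hypothetical subjects and key labels.
CERTS = [("CN=alice", toy_rsa_spki(0xC5A1D3B7F9)), ("CN=gateway", toy_rsa_spki(0x9E3779B97F4A7C15))]
KEYS = [("slot-1", toy_rsa_spki(0x9E3779B97F4A7C15)), ("slot-2", toy_rsa_spki(0xC5A1D3B7F9))]
```

Because the match is made on the public-key fingerprint alone, a private key whose derived public key differs from the one in the selected certificate is never picked, whatever its label or position on the token.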