[strongSwan] How to use Strongswan 5.0.1 & Smartcard correctly?
Martin Willi
martin at strongswan.org
Fri Oct 12 12:29:25 CEST 2012
> [[GR]] Ok, can you tell me where in the source the certificate
> selection takes place?
IKE asks for a private key for a given identity. The credential manager
looks for certificates for this identity, and an associated private key.
See [1].
> [[GR]] The "computed fingerprint" of what?
SHA1 over the subjectPublicKey ASN.1 encoding (KEYID_PUBKEY_SHA1).
> 1 the certificate is selected using the first certificate that has a matching subject compared to leftid
> 2 the fingerprint of the associated public key is computed
> 3 from any private key, you compute the public key and compute the fingerprint of that public key
> 4 These fingerprints from 3 are compared the fingerprint from 2 and the matching one is selected
Yes, that's correct.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_manager.c;hb=HEAD#l1044
More information about the Users
mailing list