[strongSwan] CA certificate in response to certificate request payload in x509 authentication
Tobias Brunner
tobias at strongswan.org
Fri Apr 22 09:47:09 CEST 2016
Hi Sameer,
> The issue I am facing is the peer is requesting the CA certificate in its certificate request payload in the message.
A certificate request payload contains the SHA-1 hashes of the public
keys of CAs a peer accepts (or prefers) end-entity certificates from.
It's not a request to actually send the CA certificate but for the peer
to select its end-entity certificate used for the authentication.
> Is there a way to send the CA certificate if the peer is requesting that
> in the certificate request payload? If yes, how can I do that?
strongSwan currently never sends the root CA certificate of a
certificate chain. Because how would the other peer trust it?
Regards,
Tobias
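
Added example, not part of the original message and not strongSwan code: a Python sketch of how a receiver can use the CA key hashes in a certificate request payload to pick its own end-entity certificate. It assumes the RFC 7296 CERTREQ layout (one encoding byte followed by concatenated 20-byte SHA-1 hashes of each CA's SubjectPublicKeyInfo); the function names, byte strings and certificate names are constructed for illustration.

```python
import hashlib

X509_SIGNATURE = 4   # Cert Encoding "X.509 Certificate - Signature" (RFC 7296, 3.6)
HASH_LEN = 20        # SHA-1 digest size

def ca_key_hash(spki_der: bytes) -> bytes:
    """SHA-1 over the CA's SubjectPublicKeyInfo, as carried in a CERTREQ."""
    return hashlib.sha1(spki_der).digest()

def parse_certreq(body: bytes):
    """Split CERTREQ payload data into (encoding, [20-byte CA key hashes])."""
    if not body:
        raise ValueError("empty CERTREQ payload")
    encoding, blob = body[0], body[1:]
    if len(blob) % HASH_LEN:
        raise ValueError("CA data is not a whole number of SHA-1 hashes")
    return encoding, [blob[i:i + HASH_LEN] for i in range(0, len(blob), HASH_LEN)]

def select_end_entity(body: bytes, local_certs):
    """Return the name of the first local end-entity cert whose issuing CA
    key hash appears in the CERTREQ, or None so the caller can fall back to
    its default certificate. No CA certificate is ever selected for sending."""
    encoding, wanted = parse_certreq(body)
    if encoding != X509_SIGNATURE:
        return None
    for name, issuer_spki in local_certs:
        if ca_key_hash(issuer_spki) in wanted:
            return name
    return None

# Constructed stand-ins for the DER-encoded SubjectPublicKeyInfo of three CAs.
CA_A = b"constructed-spki-ca-a"
CA_B = b"constructed-spki-ca-b"
CA_C = b"constructed-spki-ca-c"

# Constructed CERTREQ data from a peer that trusts CA A and CA C.
SAMPLE_CERTREQ = bytes([X509_SIGNATURE]) + ca_key_hash(CA_A) + ca_key_hash(CA_C)

# Hypothetical local end-entity certificates and the CA that issued each.
LOCAL_CERTS = [("gateway-cert-issued-by-ca-b", CA_B),
               ("gateway-cert-issued-by-ca-a", CA_A)]

if __name__ == "__main__":
    print(select_end_entity(SAMPLE_CERTREQ, LOCAL_CERTS))
```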