[strongSwan] CA certificate in response to certificate request payload in x509 authentication
agrawalsameer at gmail.com
Fri Apr 22 19:09:31 CEST 2016
So is there a way to send the SHA-1 hashes of the public keys of CAs? Do we
do that already? If not, is there a way to enable it?

On Fri, Apr 22, 2016 at 12:47 AM, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Sameer,
>
> > The issue I am facing is the peer is requesting the CA certificate in its
> > certificate request payload in the message.
>
> A certificate request payload contains the SHA-1 hashes of the public
> keys of CAs a peer accepts (or prefers) end-entity certificates from.
> It's not a request to actually send the CA certificate but for the peer
> to select its end-entity certificate used for the authentication.
>
> > Is there a way to send the CA certificate if the peer is requesting that
> > in the certificate request payload? If yes, how can I do that?
>
> strongSwan currently never sends the root CA certificate of a
> certificate chain. Because how would the other peer trust it?
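
Added example, not part of the original thread and not strongSwan code: a sketch of the certificate request body described above (one encoding byte followed by 20-byte SHA-1 hashes of CA public keys, as in RFC 7296 section 3.7) and of how a receiver uses it to pick an end-entity certificate. All function names, labels and the SPKI byte strings are hypothetical placeholders constructed for illustration.

```python
import hashlib

X509_SIGNATURE = 4   # IKEv2 Cert Encoding "X.509 Certificate - Signature"
SHA1_LEN = 20

def spki_hash(spki_der: bytes) -> bytes:
    """SHA-1 over the DER SubjectPublicKeyInfo of a CA certificate."""
    return hashlib.sha1(spki_der).digest()

def build_certreq(ca_spkis) -> bytes:
    """CERTREQ body: 1-byte encoding + concatenated 20-byte hashes."""
    return bytes([X509_SIGNATURE]) + b"".join(spki_hash(s) for s in ca_spkis)

def parse_certreq(body: bytes):
    """Return (encoding, [hash, ...]); reject a malformed hash list."""
    if not body:
        raise ValueError("empty CERTREQ body")
    encoding, blob = body[0], body[1:]
    if len(blob) % SHA1_LEN:
        raise ValueError("hash list is not a multiple of 20 bytes")
    return encoding, [blob[i:i + SHA1_LEN] for i in range(0, len(blob), SHA1_LEN)]

def select_identity(body: bytes, local_certs: dict):
    """Pick the local end-entity cert whose issuing CA the peer listed.

    local_certs maps a label to the issuing CA's SPKI (DER). Returns None
    when no listed CA matches; the caller decides what to do then.
    """
    encoding, wanted = parse_certreq(body)
    if encoding != X509_SIGNATURE:
        return None
    wanted = set(wanted)
    for label, ca_spki in local_certs.items():
        if spki_hash(ca_spki) in wanted:
            return label
    return None

# Constructed placeholder bytes standing in for real DER SubjectPublicKeyInfo.
CA_A_SPKI = b"constructed-spki-for-CA-A"
CA_B_SPKI = b"constructed-spki-for-CA-B"
CA_C_SPKI = b"constructed-spki-for-CA-C"
LOCAL = {"gw-cert-A": CA_A_SPKI, "gw-cert-B": CA_B_SPKI}

if __name__ == "__main__":
    req = build_certreq([CA_B_SPKI])      # peer lists only CA B
    print(select_identity(req, LOCAL))    # gw-cert-B
```

Note that only hashes travel in the payload; no CA certificate is ever carried in it, which matches the reply above.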