[strongSwan] Checking X509 Extended Key Usage

Sven Anders anders at anduras.de
Tue Jun 19 18:22:12 CEST 2018


We want to limit the usage of certificates by defining certain
"Extended Key Usage" (EKU) flags to them.

As an example, we want to set the "IPSec User" usage ( and
only allow connection via IPSec, if it is set. We may use some other flags
out of our own space too.

How can I check in StrongSwan, if a certain EKU exists?

 Sven Anders

 Sven Anders <anders at anduras.de>                 () UTF-8 Ribbon Campaign
                                                 /\ Support plain text e-mail
 ANDURAS intranet security AG
 Messestrasse 3 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
  - Benjamin Franklin

More information about the Users mailing list