[strongSwan] Checking X509 Extended Key Usage

Sven Anders anders at anduras.de
Tue Jun 19 18:22:12 CEST 2018


Hello!

We want to limit the usage of certificates by defining certain
"Extended Key Usage" (EKU) flags to them.

As an example, we want to set the "IPSec User" usage (1.3.6.1.5.5.7.3.7) and
only allow connection via IPSec, if it is set. We may use some other flags
out of our own space too.

How can I check in StrongSwan, if a certain EKU exists?

Regards
 Sven Anders

-- 
 Sven Anders <anders at anduras.de>                 () UTF-8 Ribbon Campaign
                                                 /\ Support plain text e-mail
 ANDURAS intranet security AG
 Messestrasse 3 - 94036 Passau - Germany
 Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.
  - Benjamin Franklin



More information about the Users mailing list