[strongSwan] enforcement of rightca2 for eap-tls connections

Sach K sacho.polo at gmail.com
Wed Feb 6 09:47:38 CET 2019


I am testing eap-tls connections from Windows10 using eap-tls and
eap-identity. I am using rightca2 on the responder (strongswan) to enforce
that the cert presented by the Windows10 client is signed by a particular
CA, but I see that this constraint is not being enforced. I can present any
cert as long as the CA for that cert is trusted. Is rightca2 supposed to
work with eap-tls and eap-identity connections? I tested with a regular
rsasig connection and in that case, the constraint is enforced.

thanx and regards,