[strongSwan] enforcement of rightca2 for eap-tls connections

Sach K sacho.polo at gmail.com
Thu Feb 7 22:33:26 CET 2019

Hi Tobias,

Thank you for your reply.

Rightca does not work either. If I use rightca, the authentication seems to
fail always, even though the certificate hierarchy is correct.
Rightca works when I dont use eap-tls. The constraint is correctly enforced.


On Wed, Feb 6, 2019 at 5:10 AM Tobias Brunner <tobias at strongswan.org> wrote:

> Hi,
> > Is
> > righhtca2 supposed to work with eap-tls and eap-identity connections?
> rightca2 is for a second authentication round.  Which is not what
> happens with EAP-TLS (unless you actually use it in a second round after
> e.g. a regular pubkey authentication).  So maybe try rightca instead.
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190207/624d82cd/attachment.html>

More information about the Users mailing list