[strongSwan] enforcement of rightca2 for eap-tls connections

Tobias Brunner tobias at strongswan.org
Fri Feb 8 10:13:17 CET 2019


> Rightca does not work either. If I use rightca, the authentication seems
> to fail always, even though the certificate hierarchy is correct. 
> Rightca works when I dont use eap-tls. The constraint is correctly enforced.

Do you use the eap-tls plugin or RADIUS?  It only works with the former
(since 5.3.0), the daemon won't have any information about the
certificate chain used during EAP-TLS with the latter.


More information about the Users mailing list