[strongSwan] enforcement of rightca2 for eap-tls connections

[Tobias Brunner]

Hi,

> Rightca does not work either. If I use rightca, the authentication seems
> to fail always, even though the certificate hierarchy is correct. 
> Rightca works when I dont use eap-tls. The constraint is correctly enforced.

Do you use the eap-tls plugin or RADIUS?  It only works with the former
(since 5.3.0), the daemon won't have any information about the
certificate chain used during EAP-TLS with the latter.

Regards,
Tobias