[Openswan Users] Forwarding client certs

Andreas Steffen andreas.steffen at strongsec.net
Mon Apr 18 09:33:59 CEST 2005

The X.509 subject distinguished name is available in the updown script
via the PLUTO_PEER_ID environment variable. You can do any further
processing of the ID in an individualized updown script that is loaded
via the ipsec.conf connection parameter

    leftupdown=<path to my_updown_script>



Twum K. Djin wrote:
> My VPN server requires that guests authenticate with x.509 certs.
> I would like to have the certs they present forwarded to an application 
> so that I can do some accounting (to extract X.509 information).
> I figure that to do this I should patch some part of the ipsec module 
> (probably the pluto code) but I'm not sure where.
> What part of the code base handles processing client certificates? Could 
> anyone point me in the right direction?
> Twum

Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

More information about the Users mailing list