[Openswan Users] Re: Forwarding client certs
Twum K. Djin
Twum.K.Djin at Dartmouth.EDU
Mon Apr 18 11:54:45 CEST 2005
--- Paul Wouters wrote:
Don't you already have the certificates elsewhere? You can then just grab the
CN from the logs and lookup the proper certificate.
--- end of quote ---
Thanks Paul,
My intention is to have Openswan set up to accept ANY certificate signed by the trusted CA of the server so I really won't have each cert that the CA has ever signed.
When a client get granted access then they must have presented a valid cert (i.e. signed by this trusted CA) but I would still like to know the particular client hence the need for another tool that processes their certs.
--- You wrote:
programs/pluto/x509*.c is a good start.
--- end of quote ---
Thanks Paul, I'll look at those files then.
Twum
More information about the Users
mailing list