[Openswan Users] Re: Forwarding client certs

Twum K. Djin Twum.K.Djin at Dartmouth.EDU
Mon Apr 18 11:54:45 CEST 2005

--- Paul Wouters wrote:
Don't you already have the certificates elsewhere? You can then just grab the
CN from the logs and lookup the proper certificate.
--- end of quote ---

Thanks Paul,

My intention is to have Openswan set up to accept ANY certificate signed by the trusted CA of the server so I really won't have each cert that the CA has ever signed.
When a client get granted access then they must have presented a valid cert (i.e. signed by this trusted CA) but I would still like to know the particular client hence the need for another tool that processes their certs.

--- You wrote:
programs/pluto/x509*.c is a good start.
--- end of quote ---

Thanks Paul, I'll look at those files then.


More information about the Users mailing list