Hi Emeric, > Is there a way to get the peer's raw certificate during the authorize hook?
Sure, have a look at the certexpire plugin, or the tkm_listener. > Maybe using a cert_validator hook? Different thing (it's called during the validation of individual certificates, the authorize hook, on the other hand, after each or all authentication rounds are finished) but could be used too depending on the use case. Examples may be found in the addrblock, coupling, constraints and, of course, revocation plugins. Regards, Tobias
