Hi, > Is there any other way to get to tls_peer_t from the updown_listener.c ?
No, there is no easy way to do that. It's also not that easy to patch tls_peer_t because it has no access to the daemon (it's implemented in libtls). So you'd have to extend tls_peer_t, tls_t and tls_eap_t to somehow get the auth_cfg_t or the certificate in eap_tls_t and then either merge that with the auth config of the IKE_SA or store that information somewhere else (e.g. via lib->set) so it can be retrieved in the updown listener. Regards, Tobias
