Libreswan complies to RFC 4945 but also accepts webpki/TLS authentication. So almost all certificate EKU’s or lack there of will do.
Sent from my iPhone > On Apr 22, 2021, at 13:24, Madhan Raj <[email protected]> wrote: > > > Hi Swan users, > > My libreswan version is libreswan-3.25-9.1.el7.x86_64 > > and my public key has the below XU and EXU extensions currently > > X509v3 Key Usage: > Digital Signature, Key Encipherment, Data Encipherment, > Certificate Sign > X509v3 Extended Key Usage: > TLS Web Server Authentication, TLS Web Client Authentication, > IPSec End System > X509v3 Subject Key Identifier: > EF:D1:D4:57:4F:A1:4A:61:0F:DE:FB:27:AA:63:74:BC:94:ED:A1:18 > X509v3 Basic Constraints: critical > CA:TRUE, pathlen:0 > > So i wan't to know does libreswan really need the Key Encipherment & IPSec > End System XKU to bring up the IKE connection ? > > It would be great if I can get the recommended XU and EXU in the public key > to bring up an ipsec connection up and running. > > Thanks, > Madhan > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
