Hello Mugur,

> Is there any way to inform an application about an authentication
> failure due to a certificate rejected by the CRL (or inability to
> fetch the CRL)?

Revocation reasons are currently logged only. Extending the revocation plugin to store revocation reasons is not that hard; we could save this information on the resulting auth_cfg_t. Then you could access these bits from any plugin and do whatever you want with it, for example send it to an external application.

> Are there some specific variables in the updown script specifying the
> exact rejection reason?

No, the updown script does not have this information.

Regards
Martin
