> [[GR]] Ok, can you tell me where in the source the certificate > selection takes place?
IKE asks for a private key for a given identity. The credential manager looks for certificates for this identity, and an associated private key. See [1]. > [[GR]] The "computed fingerprint" of what? SHA1 over the subjectPublicKey ASN.1 encoding (KEYID_PUBKEY_SHA1). > 1 the certificate is selected using the first certificate that has a matching > subject compared to leftid > 2 the fingerprint of the associated public key is computed > 3 from any private key, you compute the public key and compute the > fingerprint of that public key > 4 These fingerprints from 3 are compared the fingerprint from 2 and the > matching one is selected Yes, that's correct. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/credentials/credential_manager.c;hb=HEAD#l1044 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
