Hello,
Our IKEv2 strongSwan Linux client systems should interoperate with a SEG having limited capabilities for building up the CERT payload of the IKE-SA-AUTH response. The SEG's CERT includes only the subject certificate (no other ancestor certificates are sent within its CERT).
Under which client configuration is strongSwan able to validate the remote SEG?
More details on a specific use case:
Trust anchor "RootX" configured on client and SEG
Client cert chain: "RootX / sub-CAy / client" (all certificates stored on client)
Client sends "sub-CAy/client" certificates in IKEv2 CERT payload (RootX cert. not sent)
SEG cert chain: "RootX/sub-CAy/SEG" (same hierarchy, different end entities)
SEG sends only the "SEG" certificate in CERT payload (instead of "sub-CAy/SEG")
Does authentication work?
Best Regards
Mugur