Thanks Tobias.

So is there a way to send the SHA-1 hashes of the public keys of CAs? Do we do that already? If not, is there a way to enable it?

On Fri, Apr 22, 2016 at 12:47 AM, Tobias Brunner <[email protected]> wrote:

> Hi Sameer,
>
> > The issue I am facing is the peer is requesting the CA certificate in its
> > certificate request payload in the message.
>
> A certificate request payload contains the SHA-1 hashes of the public
> keys of CAs a peer accepts (or prefers) end-entity certificates from.
> It's not a request to actually send the CA certificate but for the peer
> to select its end-entity certificate used for the authentication.
>
> > Is there a way to send the CA certificate if the peer is requesting that
> > in the certificate request payload? If yes, how can I do that?
>
> strongSwan does currently never send the root CA certificate of a
> certificate chain. Because how would the other peer trust it?
>
> Regards,
> Tobias

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
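
Added example, not part of the original thread and not strongSwan code: a sketch of what the certificate request payload discussed above carries and how a receiver can use it to pick an end-entity certificate. It assumes the IKEv2 CERTREQ layout from RFC 7296 section 3.7 (generic payload header, one encoding octet, concatenated 20-byte SHA-1 hashes of CA SubjectPublicKeyInfo); the function names are hypothetical and the SPKI byte strings are constructed placeholders, not real keys.

```python
import hashlib
import struct

CERT_ENC_X509_SIGNATURE = 4   # "X.509 Certificate - Signature" encoding value
SHA1_LEN = 20

def ca_key_id(spki_der: bytes) -> bytes:
    """SHA-1 over the DER-encoded SubjectPublicKeyInfo of a CA certificate."""
    return hashlib.sha1(spki_der).digest()

def build_certreq(spki_list, next_payload=0):
    """Build a CERTREQ payload: generic header, encoding, concatenated hashes."""
    body = bytes([CERT_ENC_X509_SIGNATURE]) + b"".join(ca_key_id(s) for s in spki_list)
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def parse_certreq(payload: bytes):
    """Return (encoding, [20-byte hashes]); reject malformed lengths."""
    if len(payload) < 5:
        raise ValueError("CERTREQ shorter than header plus encoding octet")
    _next, _flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("payload length field does not match data")
    encoding, data = payload[4], payload[5:]
    if len(data) % SHA1_LEN:
        raise ValueError("CA data is not a multiple of 20 bytes")
    return encoding, [data[i:i + SHA1_LEN] for i in range(0, len(data), SHA1_LEN)]

def select_identity(payload: bytes, local_identities: dict):
    """Pick the local end-entity cert whose issuing CA the peer asked for.

    local_identities maps a label to the issuing CA's SPKI DER bytes.
    Returns None when no requested CA matches.
    """
    encoding, wanted = parse_certreq(payload)
    if encoding != CERT_ENC_X509_SIGNATURE:
        return None
    for label, issuer_spki in local_identities.items():
        if ca_key_id(issuer_spki) in wanted:
            return label
    return None

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
SPKI_CA_A = b"constructed-spki-for-ca-a"
SPKI_CA_B = b"constructed-spki-for-ca-b"
SPKI_CA_C = b"constructed-spki-for-ca-c"

REQUEST = build_certreq([SPKI_CA_A, SPKI_CA_B])
LOCAL = {"cert-issued-by-c": SPKI_CA_C, "cert-issued-by-b": SPKI_CA_B}
```

The payload never contains a CA certificate, only key hashes, which is why the receiver answers it by choosing which of its own end-entity certificates to present.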
