Hi, I am testing eap-tls connections from Windows 10 using eap-tls and eap-identity. I am using rightca2 on the responder (strongSwan) to enforce that the cert presented by the Windows 10 client is signed by a particular CA, but I see that this constraint is not being enforced. I can present any cert as long as the CA for that cert is trusted. Is rightca2 supposed to work with eap-tls and eap-identity connections? I tested with a regular rsasig connection and in that case, the constraint is enforced.
thanx and regards, sk
