Issue #2176

HTTP_CERT_LOOKUP_SUPPORTED

Added by Jeonghoon Lee over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Category: libcharon
Affected version: 5.1.2
Resolution: No feedback

Description

Hi,

Does strongSwan support sending an HTTP request to obtain a certificate from the specific URL, via the HTTP_CERT_LOOKUP_SUPPORTED notification, if the hash signature in the local certificate does not match the one in the CERT payload of the IKE_AUTH response, as follows?

Strongswan ----- IKE_AUTH request (HTTP_CERT_LOOKUP_SUPPORTED) ----> Server
Strongswan <---- IKE_AUTH response (Cert) ----- Server
Strongswan ----- HTTP request (hash cert signature compare) ----> Server
Strongswan <---- HTTP response ----- Server
Strongswan ----- IKE_AUTH request ----> Server

Thanks

History

#1 Updated by Tobias Brunner over 5 years ago

  • Status changed from New to Feedback

> Does strongSwan support sending an HTTP request to obtain a certificate from the specific URL, via the HTTP_CERT_LOOKUP_SUPPORTED notification, if the hash signature in the local certificate does not match the one in the CERT payload of the IKE_AUTH response, as follows?

If you enable support for Hash and URL encoded certificates via charon.hash_and_url in strongswan.conf, the client will check if a certificate with the given hash is available (locally installed or cached) and, if not, attempt to fetch the certificate from the URL indicated in the cert payload received from the server.
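
Added example, not part of the original thread and not strongSwan's code: a sketch of the lookup described in the reply above, using the RFC 7296 "Hash and URL of X.509 certificate" encoding (type 12: a 20-octet SHA-1 hash followed by the URL). The `cache` dict, the `fetch` callable, the HTTP(S)-only policy and the sample bytes are assumptions of the example.

```python
import hashlib

HASH_AND_URL_X509 = 12  # RFC 7296 certificate encoding: Hash and URL of X.509 certificate
SHA1_LEN = 20           # the encoding carries a 20-octet SHA-1 hash, then the URL


def parse_hash_and_url(body: bytes):
    """Split a CERT payload body (encoding octet + data) into (sha1, url)."""
    if len(body) <= 1 + SHA1_LEN:
        raise ValueError("CERT payload too short for hash-and-URL encoding")
    if body[0] != HASH_AND_URL_X509:
        raise ValueError(f"unexpected certificate encoding {body[0]}")
    digest, raw_url = body[1:1 + SHA1_LEN], body[1 + SHA1_LEN:]
    url = raw_url.decode("ascii")  # UnicodeDecodeError is a ValueError subclass
    # Example policy (assumption): the URL is peer-supplied, so allow only HTTP(S).
    if not url.lower().startswith(("http://", "https://")):
        raise ValueError("refusing non-HTTP URL from peer")
    return digest, url


def resolve_certificate(body: bytes, cache: dict, fetch):
    """Return (der, fetched). Use the cache first; otherwise fetch and verify."""
    digest, url = parse_hash_and_url(body)
    if digest in cache:
        return cache[digest], False
    der = fetch(url)
    # The hash only binds the fetched bytes to the CERT payload; whether the
    # certificate is trusted is still decided by normal chain validation.
    if hashlib.sha1(der).digest() != digest:
        raise ValueError("fetched data does not match hash in CERT payload")
    cache[digest] = der
    return der, True


# Constructed sample data: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-placeholder-for-DER-certificate"
SAMPLE_URL = "http://certs.example.org/server.der"
SAMPLE_BODY = (bytes([HASH_AND_URL_X509]) + hashlib.sha1(SAMPLE_DER).digest()
               + SAMPLE_URL.encode("ascii"))

if __name__ == "__main__":
    cache = {}
    print(resolve_certificate(SAMPLE_BODY, cache, lambda url: SAMPLE_DER)[1])  # fetched
    print(resolve_certificate(SAMPLE_BODY, cache, lambda url: b"")[1])         # cached
```
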

#2 Updated by Tobias Brunner over 5 years ago

  • Category set to libcharon
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback
