[Openswan dev] CERTREQ with IKE authentication
david
david2005.p at gmail.com
Thu Aug 18 11:35:55 CEST 2005
Hi all,
It seems to me that IKE phase 1 authenticated with signature works like
this in Openswan:
Init                                          Resp
HDR, SA                               --->
                                      <---    HDR, SA
HDR, KE, Ni                           --->
                                      <---    HDR, KE, Nr
HDR*, IDii, [ CERT, CERTREQ ] SIG_I   --->
                                      <---    HDR*, IDir, [ CERT ] SIG_R
I want to add a "certificate request" to the message of the Responder, like this:
Init                                          Resp
HDR, SA                               --->
                                      <---    HDR, SA
HDR, KE, Ni                           --->
                                      <---    HDR, KE, Nr, [ CERTREQ ]
HDR*, IDii, [ CERT, CERTREQ ] SIG_I   --->
                                      <---    HDR*, IDir, [ CERT ] SIG_R
I think that the corresponding source code is present in the file
openswan/programs/pluto/ipsec_doi.c, at the "if(send_cr)" on line 2626.
But on line 2571:
    send_cr = !no_cr_send
        && (st->st_oakley.auth == OAKLEY_RSA_SIG)
        && !has_preloaded_public_key(st)
        && st->st_connection->spd.that.ca.ptr != NULL;
"st->st_connection->spd.that.ca.ptr" is always NULL for me.
What does it mean?
How can I solve that?
Rgds, David