[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9
Michael Richardson
mcr at sandelman.ottawa.on.ca
Tue Jun 10 09:12:42 EDT 2008
The problem is that you cannot use a public key from a certificate with
a different rightid=. Once you say "rightcert=" the rightid was forced,
no choice at all. Many people were forced to use PSK because they couldn't
process a certificate.

Being forced to use the "DN" which might well be "localhost.localdomain"
if you were dealing with a *racoon* or SonicWall, or other thing that has a
self-signed certificate as the only way to get a public key out.

You get the old behaviour by leaving out rightid= (it then defaults to
%fromcert), or explicitly saying "rightid=%fromcert".
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
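
The two cases described in the message above, as an added ipsec.conf fragment that is not part of the original post. The connection names, addresses, certificate file names and the `@peer.example.net` ID are constructed placeholders.

```conf
# Constructed example: all names, addresses and file names are placeholders.

# Case 1: the peer's ID is taken from its certificate.
conn peer-id-from-cert
    left=192.0.2.1
    leftcert=gateway.pem
    right=198.51.100.7
    rightcert=peer.pem
    # rightid= is left out, so it defaults to %fromcert (the old behaviour).
    # Writing rightid=%fromcert explicitly is equivalent.
    authby=rsasig
    auto=add

# Case 2: the public key still comes from peer.pem, but the peer is
# identified by an ID other than the certificate's DN, e.g. when the
# certificate is self-signed with a DN such as "localhost.localdomain".
conn peer-id-explicit
    left=192.0.2.1
    leftcert=gateway.pem
    right=198.51.100.7
    rightcert=peer.pem
    rightid=@peer.example.net
    authby=rsasig
    auto=add
```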