[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9
Tuomo Soini
tis at foobar.fi
Wed Jun 11 01:44:54 EDT 2008
Michael Richardson wrote:
| The problem is that you can not use a public key from a certificate with
| a different rightid=. Once you say "rightcert=" the rightid was forced,
| no choice at all. Many people forced to use PSK because they couldn't
| process a certificate.
|
| Being forced to use the "DN" which might well be "localhost.localdomain"
| if you were dealing with a *racoon* or SonicWall, or other thing that has a
| self-signed certificate as the only way to get a public key out.
Hey. DN was NOT forced before.
leftcert=mycert.pem
leftid=192.0.2.5
That DID work, but it required that the id match the cert's data, which is
required anyway with cert authentication.
| You get the old behaviour by leaving out rightid= (it then defaults to
| %fromcert), or explicitly saying "rightid=%fromcert".
Ah. The problem is it's defaulting to IPV4_ADDR, not %fromcert.
Defaulting to %fromcert would not be a problem.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>