[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9
mcr at sandelman.ottawa.on.ca
Wed Jun 11 17:38:39 EDT 2008
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>> Being forced to use the "DN" which might well be
>> "localhost.localdomain" if you were dealing with a *racoon* or
>> SonicWall, or or thing that has a self-signed certificate as the
>> only way to get a public key out.
Paul> Obviously the fix there is to use more meaningful self
Paul> generated certificates.
Only if you can control what is in it.
>> You get the old behaviour by leaving out rightid= (it then
>> defaults to %fromcert), or explicitely saying
Paul> That breaks when using left=%defaultroute. And perhaps in more
Paul> scenarios as well. The reason this issue came up at all is
I don't understand how left=%defaultroute relates to leftid=
Paul> Helping people with "localhost.localdomain" certs is not worth
Paul> breaking everyone's working openswan 2.4.x X.509 setup.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
More information about the Dev