[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed Jun 11 17:41:18 EDT 2008

>>>>> "Tuomo" == Tuomo Soini <tis at foobar.fi> writes:
    Tuomo> Hey. DN was NOT forced before.

    Tuomo> leftcert=mycert.pem leftid=

    Tuomo> That DID work but it required as that id match cert's data
    Tuomo> which is required anyway with cert authentication.

  No, it actually ignored "leftid=", and replaced it with the
subjectAltName.   There was no way to say something that wasn't in the
certificate.  So, you can't interop with a number of systems.

    Tuomo> Ah. problem is it's defaulting to IPV4_ADDR, not %fromcert

    Tuomo> Defaulting to %fromcert would not be problem.

  Ah, right.  
  It needs to default to value of left= if leftcert= is not set.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

More information about the Dev mailing list