[Openswan dev] ID_DER_ASN1_DN change in 2.5.17, was Re: [Openswan Users] Openswan on Fedora 9
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Jun 11 17:41:18 EDT 2008
>>>>> "Tuomo" == Tuomo Soini <tis at foobar.fi> writes:
Tuomo> Hey. DN was NOT forced before.
Tuomo> leftcert=mycert.pem leftid=192.0.2.5
Tuomo> That DID work but it required that id match cert's data
Tuomo> which is required anyway with cert authentication.
No, it actually ignored "leftid=192.0.2.5", and replaced it with the
subjectAltName. There was no way to say something that wasn't in the
certificate. So, you can't interop with a number of systems.
Tuomo> Ah. problem is it's defaulting to IPV4_ADDR, not %fromcert
Tuomo> Defaulting to %fromcert would not be a problem.
Ah, right.
It needs to default to the value of left= if leftcert= is not set.
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [