[Openswan Users] ANNOUNCE: x509-1.5.2 bug fix release for freeswan-2.04

Andreas Steffen andreas.steffen at strongsec.net
Sat Feb 14 14:37:46 CET 2004


The last release x509-1.5.1 inadvertently introduced a stupid bug
which prevented that a matching roadwarrior connection was found
in IKE phase 1 if the peer sent a certificate request payload (CR)
requesting a specific CA. This bug has been fixed with version 1.5.2
that can be downloaded from

   http://www.strongsec.com/freeswan/

A differential upgrade patch is appended to this mail. On
www.strongsec.com you will also find adapted NAT Traversal and
ALG patches which can be applied to freeswan-2.04-x509-1.5.2.

Kind regards

Andreas

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
-------------- next part --------------
diff -urN freeswan-2.04-1.5.1/README.x509 freeswan-2.04-x509/README.x509
--- freeswan-2.04-1.5.1/README.x509	Sat Feb 14 15:13:21 2004
+++ freeswan-2.04-x509/README.x509	Sat Feb 14 15:11:03 2004
@@ -1,7 +1,7 @@
 Installation and Configuration Guide
 ------------------------------------
 
-     X.509 - Version 1.5.1
+     X.509 - Version 1.5.2
 
 Contents
 
diff -urN freeswan-2.04-1.5.1/programs/ipsec/distro.txt freeswan-2.04-x509/programs/ipsec/distro.txt
--- freeswan-2.04-1.5.1/programs/ipsec/distro.txt	Sat Feb 14 15:13:21 2004
+++ freeswan-2.04-x509/programs/ipsec/distro.txt	Sat Feb 14 15:11:22 2004
@@ -1 +1 @@
-X.509-1.5.1 distributed by Andreas Steffen <andreas.steffen at strongsec.com>
+X.509-1.5.2 distributed by Andreas Steffen <andreas.steffen at strongsec.com>
diff -urN freeswan-2.04-1.5.1/programs/pluto/Makefile freeswan-2.04-x509/programs/pluto/Makefile
--- freeswan-2.04-1.5.1/programs/pluto/Makefile	Sat Feb 14 15:13:21 2004
+++ freeswan-2.04-x509/programs/pluto/Makefile	Sat Feb 14 15:11:36 2004
@@ -16,7 +16,7 @@
 
 # This is the X.509 version which is made available to Pluto via the
 # compile-time option -DX509
-X509_VERSION=\"X.509-1.5.1\"
+X509_VERSION=\"X.509-1.5.2\"
 
 # Uncomment this line to enable OCSP and dynamic CRL fetching using HTTP or FTP
 #LIBCURL=1
diff -urN freeswan-2.04-1.5.1/programs/pluto/connections.c freeswan-2.04-x509/programs/pluto/connections.c
--- freeswan-2.04-1.5.1/programs/pluto/connections.c	Sat Feb 14 15:13:21 2004
+++ freeswan-2.04-x509/programs/pluto/connections.c	Sat Feb 14 15:12:04 2004
@@ -3144,7 +3144,7 @@
     int wildcards, best_wildcards;
     int our_pathlen, best_our_pathlen, peer_pathlen, best_peer_pathlen;
 
-    chunk_t peer_ca = get_peer_ca(&c->spd.that.id);
+    chunk_t peer_ca = get_peer_ca(peer_id);
 
     if (same_id(&c->spd.that.id, peer_id)
     && trusted_ca(peer_ca, c->spd.that.ca, &peer_pathlen)


More information about the Users mailing list