[Openswan Users] Two problems with certificates on openswan 1.0.8

Andrea Dell'Amico adellam at sevenseas.org
Fri Jan 21 20:16:56 CET 2005


Hello, I have a node whose certificate subject had "D=C=SERVER" in it;
openswan complains with the message "bad right --id: unknown OID in
ID_DER_ASN1_DN (ignored)" and the node is activated.
The strange (wrong) fact is that it acts as a wild card: every node with
a certificate made by the right CA can establish a connection with that
VPN server.
I will request a correct certificate, but I'm puzzled: is this the
expected behaviour?


Another question: for a customer I have to work with certificates with
an "R" field in the subject. openswan rejects them because R isn't a
supported field. I may add it to the list of the good ones, but what's
the rationale for supported RDNs? Why is a list of supported RDNs
needed?

Thanks in advance,
andrea
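
The following is an added example, not part of the original message and not Openswan code: a small C model of the behaviour the message reports, where a configured peer ID that fails to parse is ignored and so stops constraining which CA-signed peers are accepted, next to a fail-closed variant. The RDN allow-list, function names and sample DNs are constructed for illustration, and CA validation is assumed to have already succeeded.

```c
#include <stdio.h>
#include <string.h>

/* Constructed allow-list of RDN attribute types; not Openswan's actual table. */
static const char *const SUPPORTED[] = { "C", "ST", "L", "O", "OU", "CN", "E" };

/* Return 1 if the comma-separated DN has at least one "TYPE=value" component
 * and every component uses a supported TYPE and a single '='; else 0. */
static int dn_is_parseable(const char *dn)
{
    char buf[256];
    int count = 0;
    if (strlen(dn) >= sizeof buf) return 0;
    strcpy(buf, dn);
    for (char *rdn = strtok(buf, ","); rdn; rdn = strtok(NULL, ",")) {
        while (*rdn == ' ') rdn++;
        char *eq = strchr(rdn, '=');
        if (!eq || eq == rdn || strchr(eq + 1, '=')) return 0;
        *eq = '\0';
        int known = 0;
        for (size_t i = 0; i < sizeof SUPPORTED / sizeof *SUPPORTED; i++)
            if (strcmp(rdn, SUPPORTED[i]) == 0) known = 1;
        if (!known) return 0;
        count++;
    }
    return count > 0;
}

/* Fail-open: an unparseable configured ID is dropped with a warning, so no
 * constraint remains and any peer with a CA-signed certificate is accepted. */
int peer_allowed_fail_open(const char *configured_id, const char *peer_dn)
{
    if (!dn_is_parseable(configured_id)) {
        fprintf(stderr, "bad id (ignored): %s\n", configured_id);
        return 1;
    }
    return strcmp(configured_id, peer_dn) == 0;
}

/* Fail-closed: an unparseable configured ID matches no peer at all. */
int peer_allowed_fail_closed(const char *configured_id, const char *peer_dn)
{
    return dn_is_parseable(configured_id) && strcmp(configured_id, peer_dn) == 0;
}

int main(void)
{
    const char *peer = "C=IT, O=Example, CN=other";   /* constructed peer DN */
    printf("fail-open:   %d\n", peer_allowed_fail_open("D=C=SERVER", peer));
    printf("fail-closed: %d\n", peer_allowed_fail_closed("D=C=SERVER", peer));
    return 0;
}
```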
