[Openswan Users] Two problems with certificates on openswan 1.0.8
ken at xelerance.com
Mon Jan 24 13:03:18 CET 2005
Andrea Dell'Amico wrote:
>Hello, I have a node which subject certificate had "D=C=SERVER" in it;
>openswan complains with the message "bad right --id: unknown OID in
>ID_DER_ASN1_DN (ignored)" and the node is activated.
>The strange (wrong) fact is that it acts as a wild card: every node with
>a certificate made by the right CA can establish a connection with that
>I will request a correct certificate, but I'm puzzled: is it the
>Another question: For a customer I have to work with certificates with
>an "R" field in the subject. openswan rejects them becaus R isn't a
>supported field. I may add it to the list of the good ones, but what's
>the rationale about supported RDNs? Why a list of supported RDNs is
Sure, you can modify the defines to add this 'R' field into the list.
The rational was initially that the X.509 patches supported only the
requirements for IPsec X.509 Certs, and not much else. Note that alot
has changed since then, and in more recent versions of the X.509 patch
Andreas has added several features which might help you out here.
http://www.strongsec.com/freeswan/install.txt has info about the
currently support X.509 RDNs.
More information about the Users