[Openswan Users] Aggressive Mode with RSASig

Sascha.Grau at Stud.Tu-Ilmenau.De
Mon Jan 31 10:20:53 CET 2005


Today I noticed that, when using aggressive mode together with rsasig authentication, pluto's behaviour
differs from RFC 2409 Sect. 5.1. It says that in messages 2 and 3 of the exchange, both parties may
embed certificates and/or certificate requests.
But if my communication partner sends his certificate, pluto panics and complains about the
unexpected payload type. I changed pluto to accept CERT and CR in this state, but the corresponding
peer still waits for my cert.

So, here is the question:
Was this case just forgotten, or were there any design decisions to do it this way? I personally
cannot imagine why this should not be supported.

Sascha Grau
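
The payload check at issue, as an added example that is not part of the original post and not pluto's code: it walks the payload chain of a constructed aggressive mode message 2 and compares it against the RFC 2409 Sect. 5.1 layout, with and without CERT/CR accepted. The function names, the `allow_optional` flag and the sample message are assumptions made for illustration.

```python
import struct

# ISAKMP payload type numbers (RFC 2408) and the aggressive exchange type.
SA, KE, ID, CERT, CR, SIG, NONCE = 1, 4, 5, 6, 7, 9, 10
AGGRESSIVE = 4

# Required payloads per message, RFC 2409 section 5.1 (signature auth):
#   msg 2: HDR, SA, KE, Nr, IDir, [CERT,] SIG_R     msg 3: HDR, [CERT,] SIG_I
REQUIRED = {2: {SA, KE, NONCE, ID, SIG}, 3: {SIG}}
OPTIONAL = {CERT, CR}  # assumption: CR treated as optional too, as the post describes

def payload_types(packet):
    """Return the payload types of one unencrypted ISAKMP message, in order."""
    if len(packet) < 28:
        raise ValueError("short ISAKMP header")
    nxt, _ver, exchange, _flags, _msgid, total = struct.unpack("!16xBBBBII", packet[:28])
    if exchange != AGGRESSIVE or total != len(packet):
        raise ValueError("not a well-formed aggressive mode message")
    types, offset = [], 28
    while nxt != 0:
        if offset + 4 > total:
            raise ValueError("truncated payload header")
        following, length = struct.unpack("!BxH", packet[offset:offset + 4])
        if length < 4 or offset + length > total:
            raise ValueError("bad payload length")
        types.append(nxt)
        nxt, offset = following, offset + length
    return types

def check(msg_no, types, allow_optional=True):
    """Return (unexpected, missing) payload types for message 2 or 3."""
    allowed = REQUIRED[msg_no] | (OPTIONAL if allow_optional else set())
    unexpected = [t for t in types if t not in allowed]
    return unexpected, sorted(REQUIRED[msg_no] - set(types))

def build(payloads):
    """Constructed sample message from (type, body) pairs; bodies are dummies."""
    chain = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chain += struct.pack("!BxH", nxt, 4 + len(data)) + data
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, payloads[0][0],
                      0x10, AGGRESSIVE, 0, 0, 28 + len(chain))
    return hdr + chain

# Constructed message 2 carrying the responder's certificate.
MSG2 = build([(SA, b"\0" * 8), (KE, b"\1" * 16), (NONCE, b"\2" * 16),
              (ID, b"\3" * 8), (CERT, b"\4" * 32), (SIG, b"\5" * 32)])
```

With `allow_optional=False` the CERT payload in `MSG2` is reported as unexpected, which models the rejection described in the post; with the default it passes.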
