[Openswan Users] override of Subject-field after it is read from a smartcard

Christian Horn chorn at fluxcoil.net
Wed Apr 19 16:40:51 CEST 2006


Hi,

I am trying to connect with OpenSwan to a Checkpoint FW-1
using rsasig from a smartcard. From Windows, the SecureRemote
client does this.

The connection attempt gets this far:
pluto[6206]: "fcl" #1: initiating Main Mode
pluto[6206]: "fcl" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
pluto[6206]: "fcl" #1: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[6206]: "fcl" #1: I am sending my cert
pluto[6206]: "fcl" #1: I am sending a certificate request
pluto[6206]: "fcl" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
pluto[6206]: "fcl" #1: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[6206]: "fcl" #1: discarding duplicate packet; already STATE_MAIN_I3
pluto[6206]: "fcl" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
pluto[6206]: "fcl" #1: received and ignored informational message

Looking at the last packet I get from the other side
('type NO_PROPOSAL_CHOSEN' in log), I see '[23] User unknown'.
I use the same key for authentication as from Windows, and checked
the key serial with the Windows client and pkcs15-tool/openssl.

But the Subject of the cert under Windows is different from
what it is here. If that is the problem, the 'User unknown' for
my attempts from OpenSwan would make sense.

How can I override the Subject from the cert that is read from the
smartcard and sent to the other side, then?
Using
        leftid="cn-as-seen-on-windows-client"
        leftcert=%smartcard0:02
        leftrsasigkey=%cert
doesn't change it.


Thanks for comments, Christian Horn.

