[Openswan Users] we require peer ID 'O=xxxx, CN=yyyy, D=aaaaa' but peer declares 'O=xxxx, CN=yyyy, D=aaaaa'. Is the same ID!!!!!
Eduardo Barambio Donate
ebarambio at ono.com
Mon Jun 14 15:57:43 EDT 2010
Thanks for your interest.
I commented on the same issue in IRC, and it may be a problem with underscores in
RDNs, because RFC 3280 says:
Implementers should note that the at sign ('@') and underscore ('_')
characters are not supported by the ASN.1 type PrintableString
And in the file lib/libopenswan/x509dn.c there are these lines:
    {"ND"              , {oid_ND,     7}, ASN1_PRINTABLESTRING},
    {"UID"             , {oid_UID,   10}, ASN1_PRINTABLESTRING},
    {"DC"              , {oid_DC,    10}, ASN1_PRINTABLESTRING},
    {"CN"              , {oid_CN,     3}, ASN1_IA5STRING},
    {"S"               , {oid_S,      3}, ASN1_PRINTABLESTRING},
    {"SN"              , {oid_SN,     3}, ASN1_PRINTABLESTRING},
    {"serialNumber"    , {oid_SN,     3}, ASN1_PRINTABLESTRING},
    {"C"               , {oid_C,      3}, ASN1_PRINTABLESTRING},
    {"L"               , {oid_L,      3}, ASN1_PRINTABLESTRING},
    {"ST"              , {oid_ST,     3}, ASN1_PRINTABLESTRING},
    {"O"               , {oid_O,      3}, ASN1_PRINTABLESTRING},
    {"OU"              , {oid_OU,     3}, ASN1_PRINTABLESTRING},
    {"T"               , {oid_T,      3}, ASN1_PRINTABLESTRING},
    {"D"               , {oid_D,      3}, ASN1_PRINTABLESTRING},
    {"N"               , {oid_N,      3}, ASN1_PRINTABLESTRING},
    {"G"               , {oid_G,      3}, ASN1_PRINTABLESTRING},
    {"I"               , {oid_I,      3}, ASN1_PRINTABLESTRING},
    {"ID"              , {oid_ID,     3}, ASN1_PRINTABLESTRING},
    {"E"               , {oid_E,      9}, ASN1_IA5STRING},
    {"Email"           , {oid_E,      9}, ASN1_IA5STRING},
    {"emailAddress"    , {oid_E,      9}, ASN1_IA5STRING},
    {"UN"              , {oid_UN,     9}, ASN1_IA5STRING},
    {"unstructuredName", {oid_UN,     9}, ASN1_IA5STRING},
    {"TCGID"           , {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
If this is true, I think that is a bug.
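
A way to check a configured ID for the condition raised in this message, as an added example that is not part of the original post and not Openswan code: it scans a DN string and counts RDNs whose attribute the quoted table tags ASN1_PRINTABLESTRING but whose value contains a character outside the PrintableString set. The function names and the sample DNs are constructed for illustration, and the parser assumes a plain "K=V, K=V" string without escaping or quoting.

```c
#include <stdio.h>
#include <string.h>

/* X.680 PrintableString: A-Z a-z 0-9 space ' ( ) + , - . / : = ? */
static int is_printable_char(unsigned char c)
{
    if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'))
        return 1;
    return c != '\0' && strchr(" '()+,-./:=?", c) != NULL;
}

/* Names the table quoted in the post maps to ASN1_IA5STRING. */
static int is_ia5_attr(const char *name, size_t len)
{
    static const char *ia5[] = { "CN", "E", "Email", "emailAddress",
                                 "UN", "unstructuredName" };
    for (size_t i = 0; i < sizeof ia5 / sizeof ia5[0]; i++)
        if (strlen(ia5[i]) == len && memcmp(ia5[i], name, len) == 0)
            return 1;
    return 0;
}

/* Returns the number of RDNs that do not fit PrintableString although their
 * attribute is not in the IA5 list; *first_bad receives the first offending
 * character when first_bad is non-NULL. Hypothetical helper. */
int count_nonprintable_rdns(const char *dn, char *first_bad)
{
    int bad = 0;
    const char *p = dn;
    while (*p) {
        while (*p == ' ' || *p == ',') p++;          /* skip separators */
        const char *name = p;
        while (*p && *p != '=' && *p != ',') p++;
        if (*p != '=') continue;                     /* no value: skip */
        size_t nlen = (size_t)(p - name);
        const char *val = ++p;
        while (*p && *p != ',') p++;                 /* end of this value */
        if (is_ia5_attr(name, nlen)) continue;       /* IA5String allows _ and @ */
        for (const char *q = val; q < p; q++)
            if (!is_printable_char((unsigned char)*q)) {
                if (bad++ == 0 && first_bad) *first_bad = *q;
                break;
            }
    }
    return bad;
}

int main(void)
{
    const char *dn = "O=my_org, CN=host_1, D=a@b";   /* constructed sample */
    printf("%d RDN(s) outside PrintableString\n", count_nonprintable_rdns(dn, NULL));
    return 0;
}
```

A non-zero count only marks values that cannot be represented as PrintableString; whether that explains the ID mismatch is the hypothesis stated in the message above.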