[Openswan Users] we require peer ID 'O=xxxx, CN=yyyy, D=aaaaa' but peer declares 'O=xxxx, CN=yyyy, D=aaaaa'. Is the same ID!!!!!
Paul Wouters
paul at xelerance.com
Tue Jun 15 09:02:38 EDT 2010
On Mon, 14 Jun 2010, Eduardo Barambio Donate wrote:
> I commented on the same issue on IRC, and it may be a problem with underscores in
> the RDN, because RFC3280 says:
>
> Implementers should note that the at sign ('@') and underscore ('_')
> characters are not supported by the ASN.1 type PrintableString
>
> And in the file lib/libopenswan/x509dn.c there are these lines:
>
> {"ND" , {oid_ND, 7}, ASN1_PRINTABLESTRING},
> {"UID" , {oid_UID, 10}, ASN1_PRINTABLESTRING},
> {"DC" , {oid_DC, 10}, ASN1_PRINTABLESTRING},
> {"CN" , {oid_CN, 3}, ASN1_IA5STRING},
> {"S" , {oid_S, 3}, ASN1_PRINTABLESTRING},
> {"SN" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
> {"serialNumber" , {oid_SN, 3}, ASN1_PRINTABLESTRING},
> {"C" , {oid_C, 3}, ASN1_PRINTABLESTRING},
> {"L" , {oid_L, 3}, ASN1_PRINTABLESTRING},
> {"ST" , {oid_ST, 3}, ASN1_PRINTABLESTRING},
> {"O" , {oid_O, 3}, ASN1_PRINTABLESTRING},
> {"OU" , {oid_OU, 3}, ASN1_PRINTABLESTRING},
> {"T" , {oid_T, 3}, ASN1_PRINTABLESTRING},
> {"D" , {oid_D, 3}, ASN1_PRINTABLESTRING},
> {"N" , {oid_N, 3}, ASN1_PRINTABLESTRING},
> {"G" , {oid_G, 3}, ASN1_PRINTABLESTRING},
> {"I" , {oid_I, 3}, ASN1_PRINTABLESTRING},
> {"ID" , {oid_ID, 3}, ASN1_PRINTABLESTRING},
> {"E" , {oid_E, 9}, ASN1_IA5STRING},
> {"Email" , {oid_E, 9}, ASN1_IA5STRING},
> {"emailAddress" , {oid_E, 9}, ASN1_IA5STRING},
> {"UN" , {oid_UN, 9}, ASN1_IA5STRING},
> {"unstructuredName", {oid_UN, 9}, ASN1_IA5STRING},
> {"TCGID" , {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
>
> If this is true I think that is a bug.
So what is our bug? If the ASN.1 spec does not allow underscore, and you
managed to put one in, isn't this your fault?
Paul
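
An added example, not part of either message and not Openswan code: a small C checker that reports the first character in a DN string that does not fit the ASN.1 string type the quoted table assigns to its RDN. The function names, the sample DN and the simplified comma splitting are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* RDN names the quoted table types as ASN1_IA5STRING; the rest of that table
 * is ASN1_PRINTABLESTRING. Matching here is case-sensitive (a simplification). */
static const char *const ia5_rdns[] = {
    "CN", "E", "Email", "emailAddress", "UN", "unstructuredName" };
/* ASN.1 PrintableString alphabet: letters, digits, space and '()+,-./:=? */
static int printable_ok(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || (c != 0 && strchr(" '()+,-./:=?", c));
}

static int is_ia5_rdn(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof ia5_rdns / sizeof ia5_rdns[0]; i++)
        if (strlen(ia5_rdns[i]) == len && !memcmp(ia5_rdns[i], name, len))
            return 1;
    return 0;
}

/* Scan "K=V, K=V" text (escaped commas are not handled). Returns the first
 * character that does not fit its RDN's string type, or 0 if all fit. */
static char dn_first_bad_char(const char *dn, const char **rdn, size_t *rdn_len)
{
    const char *p = dn;
    while (*p) {
        while (*p == ' ' || *p == ',') p++;
        const char *name = p;
        while (*p && *p != '=' && *p != ',') p++;
        size_t nlen = (size_t)(p - name);
        if (*p != '=') continue;            /* no '=' in this RDN: skip it */
        int ia5 = is_ia5_rdn(name, nlen);
        for (p++; *p && *p != ','; p++) {
            unsigned char c = (unsigned char)*p;
            if (ia5 ? c > 0x7f : !printable_ok(c)) {
                *rdn = name; *rdn_len = nlen;  /* attribute name inside dn */
                return *p;
            }
        }
    }
    return 0;
}

int main(void)
{
    const char *rdn; size_t n;
    char c = dn_first_bad_char("O=Example_Org, CN=vpn_gw, D=lab", &rdn, &n); /* constructed DN */
    if (c) printf("'%c' in %.*s is outside its ASN.1 string type\n", c, (int)n, rdn);
    return 0;
}
```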