<font color='black' size='2' face='Arial, Helvetica, sans-serif'>
<div style="color: black; ">
<div id="AOLMsgPart_1_970da21d-d514-43ec-aa25-a1b1631accd1">
<font color="black" face="Arial, Helvetica, sans-serif"><font face="Arial, Helvetica, sans-serif" size="2" style="font-family: arial, helvetica; font-size: 10pt; ">Hello all, just joined the dev mailing list.</font>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; "><br>
</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">I'm going after a bug in scepclient and so far it looks like the problem is not in scepclient code, but in libstrongswan.</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; "><br>
</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">When one uses scepclient for certificate enrollment, there are a few parameters, including this particular one: the CA certificate, which was previously obtained.</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">Scepclient sends a message to the CA in order to request a certificate. This message contains some information about the CA certificate. </div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; "><br>
</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">This is the function that gets that information. </div>
<div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">-<i> METHOD(certificate_t, get_encoding, bool, <span style="font-size: 10pt; ">private_x509_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)</span></i></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><span style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">What it does in pratice is<b> </b></span><font face="Arial, Helvetica, sans-serif"><i>chunk_clone(this->encoding).</i></font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif"><i><br>
</i></font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif">According to the draft, the first part of this information should be:</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><span style="font-size: 1em; "> certificate { -- requester self-signed or CA-issued certificate</span></div>
<div><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "> version 3
serialNumber "the transaction id associated with enrollment"
signature {pkcs-1 4} -- md5WithRSAEncryption
</pre><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif"> ..................</font></pre><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif"><br>
</font></pre><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><span style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; ">My CA certificate, according to openssl, is version 3 and has md5withRSAEncryption signature.</span></pre><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif">But what is actually cloned by that function for my CA certificate is:</font></pre><pre class="newpage" style="font-family: arial, helvetica; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif">
</font></pre></div>
<div style="font-family: arial, helvetica; color: black; font-size: 10pt; "><pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif">certificate { -- requester self-signed or CA-issued certificate
</font><span style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; "> context 0 { </span></pre><pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><span style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; "> version 3</span></pre><pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><span style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; "> }</span></pre><pre class="newpage" style="font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><span style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; "> version 2</span></pre><pre class="newpage" style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "> serialNumber "the transaction id associated with enrollment"
signature {pkcs-1 4} -- sha-1WithRSAEncryption
</pre><pre class="newpage" style="font-family: Arial, Helvetica, sans-serif; font-size: 1em; margin-top: 0px; margin-bottom: 0px; page-break-before: always; "><font face="Arial, Helvetica, sans-serif"> ..................</font></pre></div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; "><br>
</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">Problem 1) There is this context 0 thing which contains the right version number, and the actual version might be wrong (2).</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">Problem 2) My certificate is md5WithRSAEncryption, but it read sha-1withRSAEncryption. The former is defined as 92 while the latter as 93. +1 bug somewhere?</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; "><br>
</div>
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; ">Conclusion:</div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif" size="2">Since get_encoding just copies a chunk from certificate->encoding, it seems that </font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif"><i>- lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, </i></font><i style="font-family: Arial, Helvetica, sans-serif; ">BUILD_FROM_FILE, path, BUILD_END);</i></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif">is not doing what it shoud do.</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif">Opinions?</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif"><br>
</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; "><font face="Arial, Helvetica, sans-serif">Thanks,</font></div>
<div style="font-family: arial, helvetica; font-size: 10pt; ">
<div style="color: black; font-family: Arial, Helvetica, sans-serif; font-size: 10pt; clear: both; ">Germano Veit Michel<br>
germanovmichel@aim.com<br>
</div>
</div>
</div>
</font>
</div>
<!-- end of AOLMsgPart_1_970da21d-d514-43ec-aa25-a1b1631accd1 -->
</div>
</font>