[strongSwan-dev] Issue in IKEv2 IKE_AUTH EAP identity parsing
tottiviljami at gmail.com
Mon Nov 2 14:30:25 CET 2020
Ok, but would the fallback from asn.1 to plain string then make sense?
Something like (just pseudo):
identification_t * identification_create_from_data(chunk_t data)
char buf[data.len + 1];
identification_t* id = NULL;
id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
id = NULL;
if (id == NULL)
/* use string constructor */
snprintf(buf, sizeof(buf), "%.*s", (int)data.len, data.ptr);
id = identification_create_from_string(buf);
On Mon, Nov 2, 2020 at 3:15 PM Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Totti,
> > There is also ID Type in the identification payload.
> Unfortunately, EAP-Identities are not transmitted in such payloads.
> They are basically arbitrary binary blobs that strongSwan tries to parse
> based on some heuristics to actually match them against other identities
> (e.g. in certificates or the configuration, which all have a type
> associated that must match).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev