[strongSwan-dev] Issue in IKEv2 IKE_AUTH EAP identity parsing
tiio vossi
tottiviljami at gmail.com
Mon Nov 2 14:30:25 CET 2020
Ok, but would the fallback from ASN.1 to plain string then make sense?
Something like (just pseudo):
identification_t *identification_create_from_data(chunk_t data)
{
    char buf[data.len + 1];
    identification_t *id = NULL;

    if (is_asn1(data))
    {
        /* looks like DER: try to parse it as a distinguished name */
        id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
        if (id->is_empty())   /* pseudo: the DN parsed to nothing */
        {
            id->destroy(id);
            id = NULL;
        }
    }
    if (id == NULL)
    {
        /* use string constructor */
        snprintf(buf, sizeof(buf), "%.*s", (int)data.len, data.ptr);
        id = identification_create_from_string(buf);
    }
    return id;
}
BR,
Totti
On Mon, Nov 2, 2020 at 3:15 PM Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Totti,
>
> > There is also ID Type in the identification payload.
>
> Unfortunately, EAP-Identities are not transmitted in such payloads.
> They are basically arbitrary binary blobs that strongSwan tries to parse
> based on some heuristics to actually match them against other identities
> (e.g. in certificates or the configuration, which all have a type
> associated that must match).
>
> Regards,
> Tobias
>
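
An added example, not part of the original messages and not strongSwan code: a self-contained C version of the fallback discussed above, where a blob is typed as a DN only if it parses as a non-empty one and is otherwise treated as a string. All names (tlv, looks_like_der, is_nonempty_dn, classify_identity, id_kind_t) and the sample bytes are constructed for illustration, and the outer check is a simplified assumption about such a heuristic, not strongSwan's is_asn1().

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { ID_KIND_DN, ID_KIND_STRING } id_kind_t; /* hypothetical names */

/* Constructed samples: DER for "CN=a", an empty SEQUENCE, a non-DER blob. */
static const uint8_t SAMPLE_DN[] = {0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,
                                    0x55,0x04,0x03,0x0c,0x01,0x61};
static const uint8_t SAMPLE_EMPTY[] = {0x30,0x00};
static const uint8_t SAMPLE_BLOB[] = {'0', 0x04, 'u', 's', 'e', 'r'};

/* Parse the TLV at p: content goes to *c / *cl, returns total size (0 = bad). */
static size_t tlv(const uint8_t *p, size_t len, const uint8_t **c, size_t *cl) {
    size_t h = 2, l;
    if (len < 2) return 0;
    l = p[1];
    if (l == 0x81 && len >= 3) { l = p[2]; h = 3; }
    else if (l == 0x82 && len >= 4) { l = (size_t)p[2] << 8 | p[3]; h = 4; }
    else if (l & 0x80) return 0;      /* other long forms: not handled here */
    if (l > len - h) return 0;        /* content would run past the blob */
    *c = p + h; *cl = l;
    return h + l;
}

/* Outer heuristic only: SEQUENCE tag whose length covers the whole blob. */
static int looks_like_der(const uint8_t *p, size_t len) {
    const uint8_t *c; size_t cl;
    return len > 0 && p[0] == 0x30 && tlv(p, len, &c, &cl) == len;
}

/* Strict check: one or more RDNs shaped SET { SEQUENCE { OID, value } }. */
static int is_nonempty_dn(const uint8_t *p, size_t len) {
    const uint8_t *rdn, *set, *seq;
    size_t left, sz, set_len, seq_len, count = 0;
    if (!looks_like_der(p, len) || !tlv(p, len, &rdn, &left)) return 0;
    for (; left > 0; rdn += sz, left -= sz, count++) {
        sz = tlv(rdn, left, &set, &set_len);
        if (sz == 0 || rdn[0] != 0x31) return 0;
        if (!tlv(set, set_len, &seq, &seq_len) || set[0] != 0x30) return 0;
        if (seq_len == 0 || seq[0] != 0x06) return 0;
    }
    return count > 0;                 /* an empty SEQUENCE is not a usable DN */
}

/* Fallback from the thread: DN only if it really parses as one, else string. */
static id_kind_t classify_identity(const uint8_t *p, size_t len) {
    return is_nonempty_dn(p, len) ? ID_KIND_DN : ID_KIND_STRING;
}
```

SAMPLE_EMPTY and SAMPLE_BLOB both pass the outer check yet end up as strings, which is the case the is_empty() test in the pseudocode is meant to catch.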