[strongSwan-dev] Issue in IKEv2 IKE_AUTH EAP identity parsing

Tobias Brunner tobias at strongswan.org
Mon Nov 2 15:26:44 CET 2020


Hi Totti,

> Ok, but would the fallback from asn.1 to plain string then make sense?

The idea is good, but...

>         id = identification_create_from_encoding(ID_DER_ASN1_DN, data);

This constructor does not do any parsing or verifying.  The (assumed)
ASN.1 encoding is just copied.  The data will only get parsed as DN once
the identity is compared or printed.  But I guess we could add an
additional verification step to the from_data() constructor.  I pushed a
possible fix to the dn-from-data branch [1].

Regards,
Tobias

[1]
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/dn-from-data


More information about the Dev mailing list