[strongSwan] certificate format in sqlite database

samuel morin samuel.morin at ac-dijon.fr
Wed Oct 13 14:39:51 CEST 2010


Hi,


I am trying to run strongSwan using an SQLite database and I'm facing a 
problem with the certificate format.
I put the certificates and private key in PEM format in my database, which 
gives something like this:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

In this case, strongSwan sends this error to the logs:

charon: 04[LIB] L0 - x509: ASN1 tag 0x30 expected, but is 0x2d
charon: 04[LIB] => 47 bytes @ 0x22616af8
charon: 04[LIB]    0: 2D 2D 2D 2D 2D 42 45 47 49 4E 20 43 45 52 54 49  -----BEGIN CERTI
charon: 04[LIB]   16: 46 49 43 41 54 45 2D 2D 2D 2D 2D 0A 4D 49 49 45  FICATE-----.MIIE
charon: 04[LIB]   32: 4A 6A 43 43 41 77 36 67 41 77 49 42 41 67 49     JjCCAw6gAwIBAgI
charon: 04[LIB] building CRED_CERTIFICATE - X509 failed, tried 3 builders


So I tried to convert my .pem file into .der (openssl ... -inform pem 
-outform der) and put the contents of the file into my database.
In this case strongSwan sends this error:
charon: 04[LIB] number of length octets invalid
charon: 04[LIB] L0 - x509:  length of ASN.1 object invalid or too large
charon: 04[LIB] L0 - x509:
charon: 04[LIB] => 1 bytes @ 0x228c88b0
charon: 04[LIB]    0: 30                                               0

In the certificates table, I put 1 (CERT_X509) as the type value.

My certificates work when I use them in file config mode (config 
parameters in ipsec.conf, ipsec.secrets...)

I don't really understand what format strongSwan is expecting...

If someone could help me...

Thank you

Best regards

samuel MORIN



-- 
**********************************
samuel MORIN
Administrateur Systèmes et Réseaux
Equipe Eole
CETIAD
33, rue Berbisey
21000 DIJON
samuel.morin at ac-dijon.fr
http://eole.orion.education.fr
*********************************
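
Both charon messages in the post are complaints about the outer ASN.1 header of the stored value: the first byte must be 0x30 and the length octets must be present. The following is an added example, not part of the original post and not strongSwan code: it strips PEM armor to DER, checks that header against the value's size, and stores the bytes in SQLite through a bound parameter so the BLOB can be read back unchanged. The simplified table layout, the `data` column name, the function names and the sample bytes are assumptions made for the illustration.

```python
import base64
import sqlite3

def pem_to_der(pem: str) -> bytes:
    """Drop the PEM armor lines and base64-decode the body to raw DER."""
    body = [ln.strip() for ln in pem.splitlines()
            if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def check_der(data: bytes) -> str:
    """Check the outer ASN.1 SEQUENCE header against the size of the value."""
    if data[:1] != b"\x30":
        return f"tag 0x30 expected, but is 0x{data[:1].hex() or '--'}"
    if len(data) < 2:
        return "number of length octets invalid"
    if data[1] < 0x80:                 # short form: one length octet
        hdr, length = 2, data[1]
    else:                              # long form: next n octets hold the length
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return "number of length octets invalid"
        hdr, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if hdr + length != len(data):
        return "length of ASN.1 object does not match stored size"
    return "ok"

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Assumed, simplified layout for illustration; not strongSwan's schema.
    db.execute("CREATE TABLE certificates (id INTEGER PRIMARY KEY, type INTEGER, data BLOB)")
    return db

def store_and_reload(db: sqlite3.Connection, der: bytes):
    """Insert DER through a bound parameter, then read back (typeof, bytes)."""
    status = check_der(der)
    if status != "ok":
        raise ValueError(status)
    cur = db.execute("INSERT INTO certificates (type, data) VALUES (?, ?)",
                     (1, sqlite3.Binary(der)))  # 1 = CERT_X509, as in the post
    return db.execute("SELECT typeof(data), data FROM certificates "
                      "WHERE id = ?", (cur.lastrowid,)).fetchone()

def make_sample():
    """Constructed stand-in, not a real certificate: header + 512 bytes."""
    payload = bytes(range(256)) * 2    # contains 0x00 and bytes >= 0x80
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
           + "-----END CERTIFICATE-----\n")
    return pem, der
```

Running `check_der` on the value actually read back from the database, rather than on the source file, shows whether the insert path altered or truncated the bytes.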



