[strongSwan] Why a certificate error when we are using PSK....

Martin Willi martin at strongswan.org
Tue Apr 3 08:39:01 CEST 2012

Hello Chris,

> invalid X509 hash length (0)in certreq 
> CERTIFICATE_REQUEST payload verification failed

It seems that your Sonicwall sends a CERTREQ payload without any
content, which does not make much sense to me (especially with PSK
settings). We are rather strict in payload checking and hence reject the

Try the attached patch, strongSwan should accept and ignore the payload
with the patch applied.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Accept-zero-length-certificate-request-payloads.patch
Type: text/x-patch
Size: 917 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120403/cae241c3/attachment.bin>
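
An added example, not the attached patch or strongSwan's own code: a strict versus lenient length check on a CERTREQ payload, showing why an empty one fails with "hash length (0)". It assumes the IKEv2 layout (4-byte generic payload header, one Cert Encoding octet, then 20-byte SHA-1 hashes for the X.509 signature encoding); the function name, status codes and sample payloads are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN            4   /* generic payload header: next, flags, 16-bit length */
#define ENC_X509_SIGNATURE 4   /* Cert Encoding "X.509 Certificate - Signature" */
#define HASH_SIZE_SHA1     20  /* one trusted-CA public key hash */

typedef enum { CERTREQ_OK, CERTREQ_EMPTY, CERTREQ_INVALID } certreq_status_t;

/* Hypothetical helper: validate one CERTREQ payload and count its CA hashes.
 * accept_empty=false models the strict check, true the "accept and ignore" one. */
certreq_status_t certreq_verify(const uint8_t *p, size_t avail,
                                bool accept_empty, size_t *ca_count)
{
    *ca_count = 0;
    if (avail < HDR_LEN + 1)
        return CERTREQ_INVALID;               /* no room for the encoding octet */
    size_t plen = ((size_t)p[2] << 8) | p[3]; /* big-endian payload length */
    if (plen < HDR_LEN + 1 || plen > avail)
        return CERTREQ_INVALID;               /* declared length does not fit */
    size_t ca_len = plen - HDR_LEN - 1;
    if (p[HDR_LEN] != ENC_X509_SIGNATURE)
        return CERTREQ_OK;                    /* other encodings: CA data left opaque */
    if (ca_len == 0)
        return accept_empty ? CERTREQ_EMPTY : CERTREQ_INVALID;
    if (ca_len % HASH_SIZE_SHA1 != 0)
        return CERTREQ_INVALID;               /* partial hash is rejected either way */
    *ca_count = ca_len / HASH_SIZE_SHA1;
    return CERTREQ_OK;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t empty_req[5] = {0x00, 0x00, 0x00, 0x05, 0x04};
static const uint8_t one_ca[25]   = {0x00, 0x00, 0x00, 0x19, 0x04}; /* hash = zeros */
static const uint8_t short_ca[15] = {0x00, 0x00, 0x00, 0x0f, 0x04}; /* 10 hash bytes */

int main(void)
{
    size_t n;
    printf("empty, strict:  %d\n", certreq_verify(empty_req, sizeof empty_req, false, &n));
    printf("empty, lenient: %d\n", certreq_verify(empty_req, sizeof empty_req, true, &n));
    certreq_status_t s = certreq_verify(one_ca, sizeof one_ca, false, &n);
    printf("one CA hash:    %d (%zu hashes)\n", s, n);
    printf("short hash:     %d\n", certreq_verify(short_ca, sizeof short_ca, true, &n));
    return 0;
}
```

The lenient mode relaxes only the zero-length case; a hash list that is not a multiple of 20 bytes is still rejected.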
