[strongSwan] Why a certificate error when we are using PSK....
Martin Willi
martin at strongswan.org
Tue Apr 3 08:39:01 CEST 2012
Hello Chris,
> invalid X509 hash length (0)in certreq
> CERTIFICATE_REQUEST payload verification failed
It seems that your Sonicwall sends a CERTREQ payload without any
content, which does not make much sense to me (especially with PSK
settings). We are rather strict in payload checking and hence reject the
message.
Try the attached patch, strongSwan should accept and ignore the payload
with the patch applied.
Regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Accept-zero-length-certificate-request-payloads.patch
Type: text/x-patch
Size: 917 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120403/cae241c3/attachment.bin>
More information about the Users
mailing list