[strongSwan] scepclient and cisco

Tobias Brunner tobias at strongswan.org
Fri May 18 15:58:51 CEST 2012

Hi Germano,

> Looks like the cisco box wasn't able to decrypt the request.

In the meantime I was able to verify this against Microsoft's SCEP
implementation (Windows Server 2008 R2).  The problem is that scepclient
incorrectly ASN.1-encoded the integer value 0 as 0200 instead of 020100
when generating PKCS#7 messages and PKCS#10 certificate requests.  It
did so for quite a while (at least since the beginning of our Git
repository's history) so I'm not sure why this ever worked - perhaps the
other implementations were not so strict.

Anyway, a fix will be included in one of our upcoming releases.  If you
don't want to wait use the attached patch.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Properly-encode-0-in-ASN.1.patch
Type: text/x-patch
Size: 1621 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120518/1ccf0c42/attachment.bin>

More information about the Users mailing list