[strongSwan] scepclient and cisco
Tobias Brunner
tobias at strongswan.org
Fri May 18 15:58:51 CEST 2012
Hi Germano,
> Looks like the cisco box wasn't able to decrypt the request.
In the meantime I was able to verify this against Microsoft's SCEP
implementation (Windows Server 2008 R2). The problem is that scepclient
incorrectly ASN.1-encoded the integer value 0 as 0200 instead of 020100
when generating PKCS#7 messages and PKCS#10 certificate requests. It
did so for quite a while (at least since the beginning of our Git
repository's history) so I'm not sure why this ever worked - perhaps the
other implementations were not so strict.
Anyway, a fix will be included in one of our upcoming releases. If you
don't want to wait use the attached patch.
Regards,
Tobias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Properly-encode-0-in-ASN.1.patch
Type: text/x-patch
Size: 1621 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120518/1ccf0c42/attachment.bin>
More information about the Users
mailing list