[strongSwan] scepclient and cisco
tobias at strongswan.org
Fri May 18 15:58:51 CEST 2012
> Looks like the cisco box wasn't able to decrypt the request.
In the meantime I was able to verify this against Microsoft's SCEP
implementation (Windows Server 2008 R2). The problem is that scepclient
incorrectly ASN.1-encoded the integer value 0 as 0200 instead of 020100
when generating PKCS#7 messages and PKCS#10 certificate requests. It
did so for quite a while (at least since the beginning of our Git
repository's history) so I'm not sure why this ever worked - perhaps the
other implementations were not so strict.
Anyway, a fix will be included in one of our upcoming releases. If you
don't want to wait use the attached patch.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1621 bytes
Desc: not available
More information about the Users