[strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
Tobias Brunner
tobias at strongswan.org
Fri Nov 2 15:38:26 CET 2012
Hi,
Thanks for the keys.
> It's sending a valid IDi payload with
> proper identification data.
It isn't. The encoding of the IDi payload looks like this:

  0000  25 00 00 22 09 00 00 00 43 3d 43 48 2c 20 4f 3d  %.."....C=CH, O=
  0010  73 74 72 6f 6e 67 73 77 61 6e 2c 20 43 4e 3d 69  strongswan, CN=i
  0020  73 73                                            ss

The type of the payload is ID_DER_ASN1_DN (0x09), but the encoding that
follows, starting with 0x43, is not a DER-encoded ASN.1 DN but simply an
ASCII string. The DN "C=CH, O=strongswan, CN=iss" in proper encoding
would look like this:

   0:  30 30 31 0B 30 09 06 03 55 04 06 13 02 43 48 31  001.0...U....CH1
  16:  13 30 11 06 03 55 04 0A 13 0A 73 74 72 6F 6E 67  .0...U....strong
  32:  73 77 61 6E 31 0C 30 0A 06 03 55 04 03 13 03 69  swan1.0...U....i
  48:  73 73                                            ss

Regards,
Tobias
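
Added example, not part of the original message and not strongSwan code: a Python sketch that builds the DER encoding of the DN shown above and checks whether an IDi payload of type ID_DER_ASN1_DN really carries a DER SEQUENCE. The function names, the three-attribute OID table, the use of PrintableString for every value, and the GOOD payload are assumptions constructed for illustration; BAD is the payload from the first dump.

```python
import struct

ID_DER_ASN1_DN = 9
# X.520 attribute type OIDs (DER content bytes): 2.5.4.6, 2.5.4.10, 2.5.4.3
OIDS = {"C": b"\x55\x04\x06", "O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}

def tlv(tag, content):
    """DER TLV with short-form length (enough for this small DN)."""
    if len(content) >= 0x80:
        raise ValueError("long-form length not implemented in this sketch")
    return bytes([tag, len(content)]) + content

def encode_dn(text):
    """'C=CH, O=..., CN=...' -> DER Name; values as PrintableString (0x13)."""
    rdns = b""
    for part in text.split(","):
        key, value = part.strip().split("=", 1)
        atv = tlv(0x30, tlv(0x06, OIDS[key]) + tlv(0x13, value.encode("ascii")))
        rdns += tlv(0x31, atv)          # one SET per RDN
    return tlv(0x30, rdns)              # outer SEQUENCE

def der_span(data):
    """Total size of the first DER TLV in data, or None if malformed."""
    if len(data) < 2:
        return None
    n = data[1]
    if n < 0x80:
        return 2 + n
    k = n & 0x7F                        # long form: k length bytes follow
    if k == 0 or len(data) < 2 + k:
        return None
    return 2 + k + int.from_bytes(data[2:2 + k], "big")

def check_id_payload(payload):
    """Return (id_type, ok). For type 9, ok means the identification data
    is exactly one DER SEQUENCE (tag 0x30) filling the whole field."""
    _next, _flags, length = struct.unpack("!BBH", payload[:4])
    id_type, data = payload[4], payload[8:length]
    if id_type != ID_DER_ASN1_DN:
        return id_type, True
    return id_type, data[:1] == b"\x30" and der_span(data) == len(data)

DN = "C=CH, O=strongswan, CN=iss"
# Payload from the first dump: type 9 header followed by the raw ASCII string
BAD = bytes.fromhex("2500002209000000") + DN.encode("ascii")
# Constructed: same header fields, body replaced by the DER-encoded DN
GOOD = struct.pack("!BBH", 0x25, 0, 8 + len(encode_dn(DN))) + b"\x09\x00\x00\x00" + encode_dn(DN)

if __name__ == "__main__":
    print(encode_dn(DN).hex(" "), check_id_payload(BAD), check_id_payload(GOOD))
```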