[strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors

SaRaVanAn saravanan.nagarajan87 at gmail.com
Fri Nov 2 17:53:26 CET 2012


Hi ,
    Thanks a lot for your great help.

>The DN "C=CH, O=strongswan, CN=iss" in proper encoding

Is there any OpenSSL API to encode/convert DN in ASCII string to DN in DER
format to verify the same?

Regards,
Saravanan N

On Fri, Nov 2, 2012 at 7:38 AM, Tobias Brunner <tobias at strongswan.org>wrote:

> Hi,
>
> Thanks for the keys.
>
> > It's sending  a valid IDi payload with
> > proper identification data.
>
> It isn't.  The encoding of the IDi payload looks like this:
>
> 0000   25 00 00 22 09 00 00 00 43 3d 43 48 2c 20 4f 3d  %.."....C=CH, O=
> 0010   73 74 72 6f 6e 67 73 77 61 6e 2c 20 43 4e 3d 69  strongswan, CN=i
> 0020   73 73                                            ss
>
> The type of the payload is ID_DER_ASN1_DN (0x09) but the encoding that
> follows starting with 0x43 is not a DER encoded ASN.1 DN but simply an
> ASCII string.  The DN "C=CH, O=strongswan, CN=iss" in proper encoding
> would look like this:
>
>    0: 30 30 31 0B 30 09 06 03 55 04 06 13 02 43 48 31  001.0...U....CH1
>   16: 13 30 11 06 03 55 04 0A 13 0A 73 74 72 6F 6E 67  .0...U....strong
>   32: 73 77 61 6E 31 0C 30 0A 06 03 55 04 03 13 03 69  swan1.0...U....i
>   48: 73 73                                            ss
>
> Regards,
> Tobias
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121102/4c339822/attachment.html>


More information about the Users mailing list