[strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10
tobias at strongswan.org
Wed Sep 4 08:58:35 CEST 2013
You didn't write what strongSwan version you are using. But I suspect
it's something like 4.5.2, certainly before 4.6.3 because this problem here
> Sep 3 21:39:19 firebrand charon: 12[ENC] invalid X509 hash length (0)
> in certreq
> Sep 3 21:39:19 firebrand charon: 12[ENC] CERTIFICATE_REQUEST
> verification failed
> Sep 3 21:39:19 firebrand charon: 12[ENC] could not decrypt payloads
> Sep 3 21:39:19 firebrand charon: 12[IKE] message verification failed
should be fixed by , which was included in 4.6.3.
Why the Z10 client sends an empty certificate request, which doesn't
make much sense, is another question. Perhaps the CA certificate is not
installed properly (or at all), or it always does that (bug?).
More information about the Users