[strongSwan] Loading certificate fails
Tobias Brunner
tobias at strongswan.org
Tue Jun 5 14:38:00 CEST 2018
Hi Andreas,
> L6 - generalNames:
> L7 - generalName:
> L8 - otherName:
> => 80 bytes @ 0xd78923
> 0: 06 03 55 04 0A A0 49 0C 47 67 65 6D 61 74 69 6B ..U...I.Ggematik
> 16: 20 47 65 73 65 6C 6C 73 63 68 61 66 74 20 66 C3 Gesellschaft f.
> 32: BC 72 20 54 65 6C 65 6D 61 74 69 6B 61 6E 77 65 .r Telematikanwe
> 48: 6E 64 75 6E 67 65 6E 20 64 65 72 20 47 65 73 75 ndungen der Gesu
> 64: 6E 64 68 65 69 74 73 6B 61 72 74 65 20 6D 62 48 ndheitskarte mbH
> L9 - type-id:
> 'O'
> L9 - value:
> => 73 bytes @ 0xd7892a
> 0: 0C 47 67 65 6D 61 74 69 6B 20 47 65 73 65 6C 6C .Ggematik Gesell
> 16: 73 63 68 61 66 74 20 66 C3 BC 72 20 54 65 6C 65 schaft f..r Tele
> 32: 6D 61 74 69 6B 61 6E 77 65 6E 64 75 6E 67 65 6E matikanwendungen
> 48: 20 64 65 72 20 47 65 73 75 6E 64 68 65 69 74 73 der Gesundheits
> 64: 6B 61 72 74 65 20 6D 62 48 karte mbH
>
> which is just being ignored.
It actually isn't. pki --print only successfully parses the certificate
if the openssl plugin is loaded, otherwise it fails right after the
output you posted above. The x509 plugin isn't happy about the unparsed
generalName (while parse_otherName() returns TRUE, no id_type or
encoding is returned, so parse_generalName() eventually returns NULL,
which causes x509_parse_generalNames() to fail).
Regards,
Tobias
More information about the Users
mailing list