Project

General

Profile

Actions

Regression #13373

closed

IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard

Added by Andrew Stuart over 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:
amd64

Description

The patch used in https://redmine.pfsense.org/issues/11297 causes any certificate with a wildcard SAN from being used.

Could this be changed to detect if there are other SANs available in the certificate? Or can this be changed from an error to a warning?

This is preventing me from using a certificate that has a wildcard SAN, along with multiple other SANS which are used for VPNs. This worked perfectly in previous versions.


Related issues

Related to Bug #14831: IPsec rejects certificate without any SANsResolvedJim Pingle

Actions
Actions

Also available in: Atom PDF