Project

General

Profile

Actions

Bug #14831

closed

IPsec rejects certificate without any SANs

Added by Jim Pingle 7 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Very Low
Assignee:
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

When I fixed #13373 it apparently created a slightly different bug: Now if there are no SANs on a certificate at all, it is rejected with a message saying that it has wildcard SANs, which isn't true.

Even if they are becoming very rare these days, at least for the moment certificates without SANs still work with IPsec, so we should fix the validation error.


Related issues

Related to Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcardResolvedJim Pingle

Actions
Actions #1

Updated by Jim Pingle 7 months ago

  • Related to Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard added
Actions #2

Updated by Jim Pingle 7 months ago

  • Priority changed from Normal to Very Low
Actions #3

Updated by Jim Pingle 7 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Danilo Zrenjanin 6 months ago

  • Status changed from Feedback to Resolved

Tested against:

23.09-BETA (amd64)
built on Thu Oct 12 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT

I selected the cert with no SANs in IPsec Phase 1. There were no error messages upon the config save/apply.

I am marking this ticket resolved.

Actions #5

Updated by Jim Pingle 6 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF