Bug #4794: Handling of ASN1.DN values for RSA IPsec during upgrades from previous versions - pfSense - pfSense bugtracker

Actions

Copy link

Bug #4794

closed

Handling of ASN1.DN values for RSA IPsec during upgrades from previous versions

Added by Jorge Albarenque over 9 years ago. Updated over 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Renato Botelho

Category:

Upgrade

Target version:

2.2.4

Start date:

06/27/2015

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.2.x

Affected Architecture:

Description

The certificate CNs are interpreted differently by raccoon and strongSwan, for example:

raccoon:
C=US, ST=Whatever, L=Springfield, O=Springfield Power Plant/emailAddress=burns@powerplant.com, CN=springfield.powerplant.com

strongSwan:
"C=US, ST=Whatever, L=Springfield, O=Springfield Power Plant, E=burns@powerplant.com, CN=springfield.powerplant.com"

So on upgrades from v2.1.x and before, some regex needs to be done on the ASN1DN field.

Also, the value needs to be surrounded in quotes, but be careful because if the identity prefix is provided, the prefix must be included within the quotes, eg: rightid = "asn1dn:#whateverhexvalue..."
This will depend on how the identity type prefixes are handled (related to bug 4792 )

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #4794

Handling of ASN1.DN values for RSA IPsec during upgrades from previous versions

Updated by Tobias Brunner over 9 years ago

Updated by Jim Thompson over 9 years ago

Updated by Chris Buechler over 9 years ago

Updated by Renato Botelho over 9 years ago

Updated by Renato Botelho over 9 years ago

Updated by Chris Buechler over 9 years ago