'Re: [Users] Problems with x509 wildcard cert policies'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipsec
Subject:    Re: [Users] Problems with x509 wildcard cert policies
From:       Andreas Steffen <andreas.steffen () strongsec ! net>
Date:       2003-05-31 12:31:36
[Download RAW message or body]

Oops - my fault!

I haven't tested the bug fix thoroughly enough. Here is a differential
patch which should definitely fix the problem.

Regards

Andreas

Nels Lindquist wrote:
> On 30 May 2003 at 20:22, Andreas Steffen wrote:
> 
> 
>>This is a known bug that has been fixed with version 0.9.29 of
>>the X.509 patch (or SuperFreeS/WAN 1.99.7.1). You can use the
>>attached differential patch to upgrade your version.
> 
> 
> Okay, I patched up to v0.9.29 of the x509 patch, but it didn't seem 
> to matter.
> 
> I'm still seeing the same messages in my logfiles when I attempt a 
> connection as I did before.
> 
> Have I missed something?
> 
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

["x509patch-0.9.29-to-0.9.30.diff" (text/plain)]

diff -urN freeswan-1.99-0.9.29/README.x509 freeswan-1.99-x509/README.x509

--- freeswan-1.99-0.9.29/README.x509	Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/README.x509	Sat May 31 14:05:11 2003
@@ -1,7 +1,7 @@
 Installation and Configuration Guide
 ------------------------------------
 
-     X.509 Patch - Version 0.9.29
+     X.509 Patch - Version 0.9.30
 
 Contents
 
diff -urN freeswan-1.99-0.9.29/pluto/ipsec_doi.c freeswan-1.99-x509/pluto/ipsec_doi.c
--- freeswan-1.99-0.9.29/pluto/ipsec_doi.c	Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/pluto/ipsec_doi.c	Sat May 31 14:10:42 2003
@@ -1979,7 +1979,7 @@
 	    DBG_log("offered CA: '%s'", buf);
 	)
 
-	if (r != c || c->that.has_id_wildcards)
+	if (r != c)
 	{
 	    /* apparently, r is an improvement on c -- replace */
 
@@ -1995,6 +1995,13 @@
 	    set_cur_connection(r);
 	    connection_discard(c);
 	}
+	else if (c->that.has_id_wildcards)
+	{
+	    free_id_content(&c->that.id);
+	    c->that.id = peer;
+	    c->that.has_id_wildcards = FALSE;
+	    unshare_id_content(&c->that.id);
+	}
     }
 
     return TRUE;
diff -urN freeswan-1.99-0.9.29/pluto/main.c freeswan-1.99-x509/pluto/main.c
--- freeswan-1.99-0.9.29/pluto/main.c	Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/pluto/main.c	Sat May 31 14:05:40 2003
@@ -54,7 +54,7 @@
 /*
  *  Version of X.509 patch
  */
-static const char x509patch_version[] = "0.9.29";
+static const char x509patch_version[] = "0.9.30";
 
 static void
 usage(const char *mess)

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread] 
