[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ipsec
Subject: Re: [Users] Problems with x509 wildcard cert policies
From: Andreas Steffen <andreas.steffen () strongsec ! net>
Date: 2003-05-31 12:31:36
[Download RAW message or body]
Oops - my fault!
I haven't tested the bug fix thoroughly enough. Here is a differential
patch which should definitely fix the problem.
Regards
Andreas
Nels Lindquist wrote:
> On 30 May 2003 at 20:22, Andreas Steffen wrote:
>
>
>>This is a known bug that has been fixed with version 0.9.29 of
>>the X.509 patch (or SuperFreeS/WAN 1.99.7.1). You can use the
>>attached differential patch to upgrade your version.
>
>
> Okay, I patched up to v0.9.29 of the x509 patch, but it didn't seem
> to matter.
>
> I'm still seeing the same messages in my logfiles when I attempt a
> connection as I did before.
>
> Have I missed something?
>
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
=======================================================================
Andreas Steffen e-mail: andreas.steffen@strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
["x509patch-0.9.29-to-0.9.30.diff" (text/plain)]
diff -urN freeswan-1.99-0.9.29/README.x509 freeswan-1.99-x509/README.x509
--- freeswan-1.99-0.9.29/README.x509 Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/README.x509 Sat May 31 14:05:11 2003
@@ -1,7 +1,7 @@
Installation and Configuration Guide
------------------------------------
- X.509 Patch - Version 0.9.29
+ X.509 Patch - Version 0.9.30
Contents
diff -urN freeswan-1.99-0.9.29/pluto/ipsec_doi.c freeswan-1.99-x509/pluto/ipsec_doi.c
--- freeswan-1.99-0.9.29/pluto/ipsec_doi.c Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/pluto/ipsec_doi.c Sat May 31 14:10:42 2003
@@ -1979,7 +1979,7 @@
DBG_log("offered CA: '%s'", buf);
)
- if (r != c || c->that.has_id_wildcards)
+ if (r != c)
{
/* apparently, r is an improvement on c -- replace */
@@ -1995,6 +1995,13 @@
set_cur_connection(r);
connection_discard(c);
}
+ else if (c->that.has_id_wildcards)
+ {
+ free_id_content(&c->that.id);
+ c->that.id = peer;
+ c->that.has_id_wildcards = FALSE;
+ unshare_id_content(&c->that.id);
+ }
}
return TRUE;
diff -urN freeswan-1.99-0.9.29/pluto/main.c freeswan-1.99-x509/pluto/main.c
--- freeswan-1.99-0.9.29/pluto/main.c Sat May 31 14:04:26 2003
+++ freeswan-1.99-x509/pluto/main.c Sat May 31 14:05:40 2003
@@ -54,7 +54,7 @@
/*
* Version of X.509 patch
*/
-static const char x509patch_version[] = "0.9.29";
+static const char x509patch_version[] = "0.9.30";
static void
usage(const char *mess)
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic