Issue #1271: X.509 UTF-8 support - strongSwan

Issue #1271

X.509 UTF-8 support

Added by ValdikSS ValdikSS over 4 years ago. Updated over 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Affected version:

5.3.5

Resolution:

Description

strongSwan doesn't support UTF-8 encoded DN, producing only question marks instead of encoded text.

ipsec[479]: 03[IKE] IKE_SA ikev2-pubkey[7] established between 5.6.7.8[CN=something]...1.2.3.4[CN=???????? ??????] ipsec[479]: 03[IKE] sending end entity cert "CN=something" ipsec[479]: 03[IKE] peer requested virtual IP %any ipsec[479]: 03[CFG] reassigning offline lease to 'CN=???????? ??????' ipsec[479]: 03[IKE] assigning virtual IP 192.168.103.2 to peer 'CN=???????? ??????'

Afterwards it sends incorrect CN to the RADIUS and accounting fails because RADIUS can't decode CN and find user in the database.

Certificate has been generated with openssl -utf8 flag.

History

#1 Updated by ValdikSS ValdikSS over 4 years ago

Some more information: CN is UTF8STRING-encoded. strongSwan won't use UTF-8 SAN DNS either or negotiated EAP-Identity.
RADIUS plugin sends real question marks to RADIUS server (0x3F).

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues

Issue #1271

X.509 UTF-8 support

History

#1 Updated by ValdikSS ValdikSS over 4 years ago