Bug #2085
Charon unable to handle multiple certificates in aggressive mode
Start date: 16.08.2016
Due date:
Estimated time:
Affected version: 5.4.0
Resolution: Fixed
Description
Commit d489e7557 modified Charon to accept multiple certificates from the other party in IKEv1 messages but the modification was restricted to the main mode and the aggressive mode remained restricted to one certificate in a message. The restriction prevented strongSwan from connecting to a certain instance of Fortinet IPsec VPN that required the aggressive mode and was sending the whole certificate chain in R1. I have removed remaining restrictions in `src/libcharon/encoding/message.c` (see the attached patch--it was made for 5.4.0 but I am sure 5.5.0 is affected as well) and it works now.
Associated revisions
History
#1 Updated by Tobias Brunner over 4 years ago
- Tracker changed from Issue to Bug
- Category set to ikev1
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.5.1
- Resolution set to Fixed
Thanks. Fixed with the associated commit.
ikev1: Accept more than one certificate payload in aggressive mode
Fixes #2085.
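
The per-exchange occurrence limit described in this report, as an added illustration that is not code from strongSwan or from the attached patch: a simplified validator rejects a constructed aggressive-mode R1 carrying a three-certificate chain while the limit is one, and accepts it once the limit is raised. The exchange and payload type numbers are the ISAKMP values from RFC 2408; `rule_t`, `check_message`, the rule tables and the cap of 8 are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Exchange and payload type numbers are from RFC 2408; all other names and
 * the cap of 8 are assumptions made for this illustration. */
enum { EXCH_MAIN = 2, EXCH_AGGRESSIVE = 4 };
enum { PL_SA = 1, PL_KE = 4, PL_ID = 5, PL_CERT = 6, PL_SIG = 9, PL_NONCE = 10 };
#define MAX_CERT_PAYLOADS 8

typedef struct { int exchange, payload, max; } rule_t;

/* Behaviour described in the report: only main mode had the raised limit. */
static const rule_t rules_before[] = {
    { EXCH_MAIN, PL_CERT, MAX_CERT_PAYLOADS },
    { EXCH_AGGRESSIVE, PL_CERT, 1 },
};
/* After the fix: aggressive mode accepts a chain too (same cap assumed). */
static const rule_t rules_after[] = {
    { EXCH_MAIN, PL_CERT, MAX_CERT_PAYLOADS },
    { EXCH_AGGRESSIVE, PL_CERT, MAX_CERT_PAYLOADS },
};

/* Returns 0 if the message passes the occurrence rules, -1 otherwise. */
int check_message(const rule_t *rules, size_t n_rules, int exchange,
                  const int *payloads, size_t n_payloads)
{
    for (size_t r = 0; r < n_rules; r++) {
        int count = 0;
        if (rules[r].exchange != exchange)
            continue;
        for (size_t i = 0; i < n_payloads; i++)
            count += (payloads[i] == rules[r].payload);
        if (count > rules[r].max)
            return -1; /* too many payloads of this type */
    }
    return 0;
}

/* Constructed aggressive-mode R1: responder sends a three-certificate chain. */
static const int r1_chain[] = { PL_SA, PL_KE, PL_NONCE, PL_ID,
                                PL_CERT, PL_CERT, PL_CERT, PL_SIG };

int main(void)
{
    size_t n = sizeof(r1_chain) / sizeof(r1_chain[0]);
    printf("before: %d\n", check_message(rules_before, 2, EXCH_AGGRESSIVE, r1_chain, n));
    printf("after:  %d\n", check_message(rules_after, 2, EXCH_AGGRESSIVE, r1_chain, n));
    return 0;
}
```

Keeping a finite upper bound after the fix matters because these payloads arrive from a peer that has not yet been authenticated.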