Bug #2085

Charon unable to handle multiple certificates in aggressive mode

Added by Pavel Kankovsky over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Category: ikev1
Target version:
Start date: 16.08.2016
Due date:
Estimated time:
Affected version: 5.4.0
Resolution: Fixed

Description

Commit d489e7557 modified Charon to accept multiple certificates from the other party in IKEv1 messages, but the modification was restricted to the main mode and the aggressive mode remained restricted to one certificate in a message. The restriction prevented strongSwan from connecting to a certain instance of Fortinet IPsec VPN that required the aggressive mode and was sending the whole certificate chain in R1. I have removed the remaining restrictions in `src/libcharon/encoding/message.c` (see the attached patch--it was made for 5.4.0 but I am sure 5.5.0 is affected as well) and it works now.

strongswan-5.4.0-certpayloads.patch (1.04 KB), Pavel Kankovsky, 16.08.2016 18:51

Associated revisions

Revision 22b839e6 (diff)
Added by Tobias Brunner over 4 years ago

ikev1: Accept more than one certificate payload in aggressive mode

Fixes #2085.

History

#1 Updated by Tobias Brunner over 4 years ago

  • Tracker changed from Issue to Bug
  • Category set to ikev1
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.5.1
  • Resolution set to Fixed

Thanks. Fixed with the associated commit.
