Project

General

Profile

Issue #489

constraints_validator's check_policy is too strict

Added by Raphael Geissert over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
libstrongswan
Affected version:
5.1.1
Resolution:
Duplicate

Description

As mentioned a few months ago in the IRC channel, the check performed by check_policy in constrains_validator.c is too strict.
The example given back then was an end certificate containing a CPS while it's issuer didn't contain one. In that case, the constraints plugin aborts with "policy ... missing in issuing certificate".

Back then, Tobias mentioned the check should probably be removed (perhaps not his exact words).


Related issues

Is duplicate of Bug #453: constraints_validator's check_policy is too strictClosed

History

#1 Updated by Martin Willi over 6 years ago

  • Category set to libstrongswan
  • Status changed from New to Closed
  • Assignee set to Martin Willi
  • Parent task set to #453
  • Resolution set to Duplicate

Raphael,

Thanks for your report. Yes we are aware of the issue, and it is on my TODO list. It probably won't make it into 5.1.2, but hopefully into 5.1.3. To work around the issue, you may disable the constraints plugin.

#2 Updated by Martin Willi over 6 years ago

  • Parent task deleted (#453)

#3 Updated by D B almost 6 years ago

Just ran into the same issue. A fix would be welcome!

#4 Updated by D B almost 6 years ago

Oops, I didn't notice the duplicate issue. Sorry, I'll post the comment there :)

Also available in: Atom PDF