Issue #489
constraints_validator's check_policy is too strict
Description
As mentioned a few months ago in the IRC channel, the check performed by check_policy in constraints_validator.c is too strict.
The example given back then was an end certificate containing a CPS while its issuer didn't contain one. In that case, the constraints plugin aborts with "policy ... missing in issuing certificate".
Back then, Tobias mentioned the check should probably be removed (perhaps not his exact words).
History
#1 Updated by Martin Willi about 7 years ago
- Category set to libstrongswan
- Status changed from New to Closed
- Assignee set to Martin Willi
- Parent task set to #453
- Resolution set to Duplicate
Raphael,
Thanks for your report. Yes we are aware of the issue, and it is on my TODO list. It probably won't make it into 5.1.2, but hopefully into 5.1.3. To work around the issue, you may disable the constraints plugin.
#2 Updated by Martin Willi about 7 years ago
- Parent task deleted (#453)
#3 Updated by D B over 6 years ago
Just ran into the same issue. A fix would be welcome!
#4 Updated by D B over 6 years ago
Oops, I didn't notice the duplicate issue. Sorry, I'll post the comment there :)