Issue #629

Wildcards certs not accepted by Android client

Added by Carl Hörberg about 6 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: charon
Affected version: 5.1.3
Resolution: Won't fix

Description

If you provide a wildcard cert the Android client won't accept it as valid.

Attachment: charon.log (23.5 KB) - Log from a connection attempt with a server that provides a wildcard cert (Carl Hörberg, 29.06.2014 17:39)

Related issues

Related to Issue #794: Wildcard Cert Cannot be Match (Closed)
Has duplicate Issue #1180: Android client supports pan-domain certificate ? (Closed, 28.10.2015)

History

#1 Updated by Tobias Brunner about 6 years ago

  • Status changed from New to Feedback

> If you provide a wildcard cert the Android client won't accept it as valid.

That's on purpose. strongSwan does not match identities of type ID_FQDN (fully qualified domain names) against the subject distinguished name (DN) of a certificate. So even if the DN would not contain a wildcard but instead would end with CN=vpn.84codes.com this wouldn't work. That is, the host name of the gateway must be contained in a subjectAltName extension in the certificate, otherwise there won't be a match.
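A pre-deployment check for the requirement described in comment #1, as an added example that is not part of the original issue or of the strongSwan code: it reads only the subjectAltName dNSName entries of a certificate and never the subject DN. The function names, the host `vpn.example.com` and the generated test certificates are constructed for illustration; the literal comparison is an assumption of this example, and OpenSSL 1.1.1 or later is assumed for `-addext` and `-ext`.

```shell
#!/bin/sh
# Does the gateway certificate list HOST as a subjectAltName dNSName?
# The subject DN (CN=...) is never consulted, as described in comment #1.

# san_dns CERT: print each SAN dNSName of CERT, one per line.
san_dns() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# has_san_host CERT HOST: succeed only on a literal, case-insensitive match
# (literal comparison is an assumption of this example).
has_san_host() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    san_dns "$1" | tr 'A-Z' 'a-z' | grep -Fxq -- "$want"
}

# make_cert OUT SUBJECT [SAN]: constructed self-signed test certificate.
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "$2" -addext "subjectAltName=$3" -out "$1" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
            -subj "$2" -out "$1" 2>/dev/null
    fi
}

# Constructed sample certificates: host name only in the CN, wildcard only
# in the CN, and host name in a subjectAltName extension.
tmp=$(mktemp -d)
make_cert "$tmp/cn-only.pem"  "/CN=vpn.example.com"
make_cert "$tmp/wildcard.pem" "/CN=*.example.com"
make_cert "$tmp/san.pem"      "/CN=gateway" "DNS:vpn.example.com"

for c in cn-only wildcard san; do
    if has_san_host "$tmp/$c.pem" vpn.example.com; then
        echo "$c: host name found in subjectAltName"
    else
        echo "$c: host name NOT in subjectAltName"
    fi
done
```
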

#2 Updated by Tobias Brunner almost 5 years ago

  • Related to Issue #794: Wildcard Cert Cannot be Match added

#3 Updated by Tobias Brunner over 4 years ago

  • Has duplicate Issue #1180: Android client supports pan-domain certificate ? added

#4 Updated by Noel Kuntze about 3 years ago

  • Category changed from android to charon
  • Status changed from Feedback to Closed
  • Resolution set to Won't fix
