Issue #629: Wildcards certs not accepted by Android client - strongSwan

Issue #629

Wildcards certs not accepted by Android client

Added by Carl Hörberg about 6 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

charon

Affected version:

5.1.3

Resolution:

Won't fix

Description

If you provide a wildcard cert the Android client won't accept it as valid.

charon.log (23.5 KB) charon.log

Log from a connection attempt with a server that provides a wildcard cert

Carl Hörberg, 29.06.2014 17:39

Related issues

History

#1 Updated by Tobias Brunner about 6 years ago

Status changed from New to Feedback

If you provide a wildcard cert the Android client won't accept it as valid.

That's on purpose. strongSwan does not match identities of type ID_FQDN (fully qualified domain names) against the subject distinguished name (DN) of a certificate. So even if the DN would not contain a wildcard but instead would end with CN=vpn.84codes.com this wouldn't work. That is, the host name of the gateway must be contained in a subjectAltName extension in the certificate, otherwise there won't be a match.

#2 Updated by Tobias Brunner almost 5 years ago

Related to Issue #794: Wildcard Cert Cannot be Match added

#3 Updated by Tobias Brunner over 4 years ago

Has duplicate Issue #1180: Android client supports pan-domain certificate ? added

#4 Updated by Noel Kuntze about 3 years ago

Category changed from android to charon
Status changed from Feedback to Closed
Resolution set to Won't fix

Also available in: Atom PDF

	Related to Issue #794: Wildcard Cert Cannot be Match	Closed
	Has duplicate Issue #1180: Android client supports pan-domain certificate ?	Closed	28.10.2015

Project

General

Profile

strongSwan

Issues

New issues