Issue #629
Wildcards certs not accepted by Android client
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
charon
Affected version:
5.1.3
Resolution:
Won't fix
Description
If you provide a wildcard cert the Android client won't accept it as valid.
Related issues
History
#1 Updated by Tobias Brunner over 6 years ago
- Status changed from New to Feedback
If you provide a wildcard cert the Android client won't accept it as valid.
That's on purpose. strongSwan does not match identities of type ID_FQDN (fully qualified domain names) against the subject distinguished name (DN) of a certificate. So even if the DN would not contain a wildcard but instead would end with CN=vpn.84codes.com this wouldn't work. That is, the host name of the gateway must be contained in a subjectAltName extension in the certificate, otherwise there won't be a match.
#2 Updated by Tobias Brunner over 5 years ago
- Related to Issue #794: Wildcard Cert Cannot be Match added
#3 Updated by Tobias Brunner over 5 years ago
- Has duplicate Issue #1180: Android client supports pan-domain certificate ? added
#4 Updated by Noel Kuntze almost 4 years ago
- Category changed from android to charon
- Status changed from Feedback to Closed
- Resolution set to Won't fix