Project

General

Profile

Issue #794

Wildcard Cert Cannot be Match

Added by Hong Zhang almost 5 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
charon
Affected version:
5.1.2
Resolution:
Won't fix

Description

case1 :
I use a *.domain.tld Certificate on my server side and use xxx.domain.tld to connect to the server(with strongSwan on Andoird 5.0) it says Constraint check failed: identity 'xxx.domain.tld' required.

case2:
I witch to a xxx.domain.tld Certificate on my server side and use xxx.domain.tld to connect to the server(with strongSwan on Andoird 5.0) it's OK now


Related issues

Related to Issue #629: Wildcards certs not accepted by Android clientClosed

History

#1 Updated by Andreas Steffen almost 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Andreas Steffen

strongSwan does not support wildcard certificates.

Regards

Andreas

#2 Updated by Hong Zhang almost 5 years ago

So is there any further plan to support wildcard certificate?

#3 Updated by Andreas Steffen almost 5 years ago

Wildcards in certificates are deprecated due to security reasons (see e.g. section 7.2 of RFC 6125)

https://tools.ietf.org/html/rfc6125#section-7.2

Therefore do not expect us to support wildcards in strongSwan.

Regards

Andreas

#4 Updated by Tobias Brunner about 4 years ago

  • Related to Issue #629: Wildcards certs not accepted by Android client added

#5 Updated by Noel Kuntze over 2 years ago

  • Category set to charon
  • Status changed from Feedback to Closed
  • Assignee deleted (Andreas Steffen)
  • Priority changed from High to Normal
  • Resolution set to Won't fix

Also available in: Atom PDF