Issue #794
Wildcard Cert Cannot be Match
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
charon
Affected version:
5.1.2
Resolution:
Won't fix
Description
case1 :
I use a *.domain.tld Certificate on my server side and use xxx.domain.tld to connect to the server(with strongSwan on Andoird 5.0) it says Constraint check failed: identity 'xxx.domain.tld' required.
case2:
I witch to a xxx.domain.tld Certificate on my server side and use xxx.domain.tld to connect to the server(with strongSwan on Andoird 5.0) it's OK now
Related issues
History
#1 Updated by Andreas Steffen about 8 years ago
- Status changed from New to Feedback
- Assignee set to Andreas Steffen
strongSwan does not support wildcard certificates.
Regards
Andreas
#2 Updated by Hong Zhang about 8 years ago
So is there any further plan to support wildcard certificate?
#3 Updated by Andreas Steffen about 8 years ago
Wildcards in certificates are deprecated due to security reasons (see e.g. section 7.2 of RFC 6125)
https://tools.ietf.org/html/rfc6125#section-7.2
Therefore do not expect us to support wildcards in strongSwan.
Regards
Andreas
#4 Updated by Tobias Brunner over 7 years ago
- Related to Issue #629: Wildcards certs not accepted by Android client added
#5 Updated by Noel Kuntze over 5 years ago
- Category set to charon
- Status changed from Feedback to Closed
- Assignee deleted (
Andreas Steffen) - Priority changed from High to Normal
- Resolution set to Won't fix