Menu
▾
▴
Re: [Ipsec-tools-devel] ISAKMP Certificate Request does not contain Issuer DN
|
From: JL <ips...@rr...> - 2008-09-10 17:25:17
|
2008/9/10 JL <ips...@rr...>: > 2008/9/10 Timo Teräs <tim...@ik...>: >> JL wrote: >>> 1) where you don't want to send the field in the CR request (the >>> existing behaviour of 0.7). There may be some bad software out there >>> that breaks if it receives the field, so a user may want to turn it >>> off. >> >> Maybe have a third option for send_cr. "with_issuer" or something. > That's neater than a separate config entry. I'll do that. > >> >> So getting DN for cert request is from: >> 1) peers_certfile issuer >> 2) ca_type cert subject >> >> Cheers, >> Timo >> > > So I'll do: > send_cr ( on | off | with_issuer ) > where with_issuer while use the first of: > "peers certfile" Issuer, > "ca_type" Subject, > abort with error > > Thanks, > -- > Jarrod Lowe > This is a very initial pass (I am about to go home for the evening). I haven't tested all code paths, but I have got it working with the cacert's DN in my testing. All the bits to do with configuration have been commented out, as they broke the entire thing, and I have not yet figured out why. I would appreciate anyone familiar with the code base casting a weary eye over it, to see if there is anything to comment on, or warn about. Thanks, -- Jarrod Lowe |