Red Hat Bugzilla – Attachment 308732 Details for Bug 449382: openswan segv using RSA PKIX (x.509) mode
[patch] this commit is part of the leftid= change when using certs
7b476df8b2e144d0ec8ba41c99b45a708a6e0bae.patch (text/plain), 3.60 KB, created by Paul Wouters on 2008-06-09 17:56:58 UTC
>commit 7b476df8b2e144d0ec8ba41c99b45a708a6e0bae >Author: Michael Richardson <mcr@xelerance.com> >Date: Tue Dec 18 16:52:31 2007 -0500 > > left leftid=%fromcert to get ID from certificate, otherwise, > do not force this default on people who might know better. > > Signed-off-by: Michael Richardson <mcr@xelerance.com> > >diff --git a/lib/libopenswan/id.c b/lib/libopenswan/id.c >index d4efd1f..e5b31f2 100644 >--- a/lib/libopenswan/id.c >+++ b/lib/libopenswan/id.c >@@ -71,6 +71,14 @@ atoid(char *src, struct id *id, bool myid_ok) > { > id->kind = ID_MYID; > } >+ else if (streq("%fromcert", src)) >+ { >+ id->kind = ID_FROMCERT; >+ } >+ else if (streq("%none", src)) >+ { >+ id->kind = ID_NONE; >+ } > else if (strchr(src, '=') != NULL) > { > /* we interpret this as an ASCII X.501 ID_DER_ASN1_DN */ >@@ -203,8 +211,14 @@ idtoa(const struct id *id, char *dst, size_t dstlen) > id = resolve_myid(id); > switch (id->kind) > { >+ case ID_MYID: >+ n = snprintf(dst, dstlen, "%s", "%myid"); >+ break; >+ case ID_FROMCERT: >+ n = snprintf(dst, dstlen, "%s", "%fromcert"); >+ break; > case ID_NONE: >- n = snprintf(dst, dstlen, "(none)"); >+ n = snprintf(dst, dstlen, "%s", "(none)"); > break; > case ID_IPV4_ADDR: > case ID_IPV6_ADDR: >diff --git a/linux/include/openswan/ipsec_policy.h b/linux/include/openswan/ipsec_policy.h >index 2793b90..ddd0fcf 100644 >--- a/linux/include/openswan/ipsec_policy.h >+++ b/linux/include/openswan/ipsec_policy.h >@@ -126,6 +126,7 @@ enum ipsec_comp_algo { > */ > > enum ipsec_id_type { >+ ID_FROMCERT= (-3), /* taken from certificate */ > ID_IMPOSSIBLE= (-2), /* private to Pluto */ > ID_MYID= (-1), /* private to Pluto */ > ID_NONE= 0, /* private to Pluto */ >diff --git a/programs/_confread/d.ipsec.conf/leftid.xml b/programs/_confread/d.ipsec.conf/leftid.xml >index e5e1056..73cd112 100644 >--- a/programs/_confread/d.ipsec.conf/leftid.xml >+++ b/programs/_confread/d.ipsec.conf/leftid.xml 
>@@ -12,9 +12,22 @@ syntax) > or a fully-qualified domain name preceded by > <emphasis remap='B'>@</emphasis> > (which is used as a literal string and not resolved). >+ >+The magic value >+<emphasis remap='B'>%fromcert</emphasis> >+causes the ID to be set to a DN taken from a certificate that is loaded. >+Prior to 2.5.16, this was the default if a certificate was specified. >+ >+The magic value >+<emphasis remap='B'>%none</emphasis> >+sets the ID to no ID. This is included for completeness, as the ID may >+have been set in the default conn, and one wishes for it to default instead >+of being explicitely set. >+ > The magic value > <emphasis remap='B'>%myid</emphasis> > stands for the current setting of <emphasis remap='I'>myid</emphasis>. >+ > This is set in <emphasis remap='B'>config setup</emphasis> or by <citerefentry><refentrytitle>ipsec_whack</refentrytitle><manvolnum>8</manvolnum></citerefentry>), or, if not set, > it is the IP address in <emphasis remap='B'>%defaultroute</emphasis> (if that is supported by a TXT record in its reverse domain), or otherwise > it is the system's hostname (if that is supported by a TXT record in its forward domain), or otherwise it is undefined.</para> >diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c >index b112ff8..d901e0a 100644 >--- a/programs/pluto/connections.c >+++ b/programs/pluto/connections.c >@@ -777,7 +777,9 @@ load_end_certificate(const char *filename, struct end *dst) > break; > > case CERT_X509_SIGNATURE: >- select_x509cert_id(cert.u.x509, &dst->id); >+ if(dst->id.kind == ID_FROMCERT || dst->id.kind == ID_NONE) { >+ select_x509cert_id(cert.u.x509, &dst->id); >+ } > > if (!cached_cert) > {
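Review bot: In the atoid() hunk of lib/libopenswan/id.c, the new "%fromcert" and "%none" branches are taken for every caller: the function takes a myid_ok argument, but nothing comparable gates these two keywords. If atoid() is also used to parse IDs that do not describe a local end with a certificate, those callers now get back ID_FROMCERT or ID_NONE for these strings. Either add a flag that controls whether the two keywords are accepted, or confirm that each caller handles both kinds.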
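Review bot: In the idtoa() hunk of lib/libopenswan/id.c, ID_NONE is still printed as "(none)" while atoid() in the same patch parses "%none", so the text form of ID_NONE does not round-trip the way "%myid" and "%fromcert" now do. Print "%none" here, or add a comment that "(none)" is for display only. The new case ID_MYID sits after id = resolve_myid(id); a short comment on when the kind can still be ID_MYID at that point would help the next reader.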
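Review bot: In the enum ipsec_id_type hunk of ipsec_policy.h, ID_FROMCERT= (-3) is commented only as "taken from certificate", while the neighbouring negative values are marked "private to Pluto". The comment should say that this is an internal placeholder that is expected to be replaced by the certificate's ID when the certificate is loaded. It is also worth checking any code that assumes ID_IMPOSSIBLE (-2) is the lowest value of the enum.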
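Review bot: In the leftid.xml hunk, the %none paragraph says the value "sets the ID to no ID", but the connections.c hunk in this patch calls select_x509cert_id() when the kind is ID_NONE, so with an X.509 certificate loaded %none ends up with the certificate's ID. The documentation should state that. The sentence "Prior to 2.5.16, this was the default if a certificate was specified" should also say what the default is now, and "explicitely" should be "explicitly".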
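Review bot: In the load_end_certificate() hunk of programs/pluto/connections.c, ID_FROMCERT is resolved only inside case CERT_X509_SIGNATURE; if the switch takes any other case, the end keeps kind ID_FROMCERT with no ID filled in. Handle that path explicitly, for example by rejecting the connection or logging that %fromcert could not be satisfied. When an explicitly configured ID is kept, nothing in this hunk compares it with the loaded certificate; if that comparison is done elsewhere, a comment pointing to it would make the intent clear. Style: if(dst->id.kind ... lacks the space used by if (!cached_cert) a few lines below.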