(racoon 818) Re: call to getaddrinfo() in oakley.c
- To: racoon@kame.net
- Subject: (racoon 818) Re: call to getaddrinfo() in oakley.c
- From: Josef Pojsl <jp@tns.cz>
- Date: Thu, 21 Oct 2004 10:04:26 +0200
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- In-reply-to: <20040408171733Z.sakane@kame.net>
- Mail-followup-to: Josef Pojsl <jp@tns.cz>, racoon@kame.net
- References: <20040331133000.GH317@bertik.tns.cz> <20040408171733Z.sakane@kame.net>
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
- User-agent: Mutt/1.5.1i
Dear Shoichi,
I apologize for replying to this message so late.
In fact, I somehow missed your answer and have found it now,
when the same problem reappeared after having upgraded racoon to 20040818a.
So, as I said, the behavior is still the same as I had described
in message (racoon 459), even with 20040818a.
I am attaching both certificates; the one that is being checked
is mail-cert.pem (the certificate of our peer); our own certificate
is hci-cert.pem.
I have generated both these certificates myself. The values of subjectAltName
are altered in openssl through the file openssl.cnf where I have something
like this:
subjectAltName=IP:1.2.3.4
Sorry for the mess and thank you.
With kind regards,
--
Josef
On Thu, Apr 08, 2004 at 05:17:33PM +0900, Shoichi Sakane wrote:
> > I have dived into the sources and found out that on line 1691 in oakley.c,
> > getaddrinfo() call returns EAI_NONAME. Its argument altname is the value
> > of altname obtained from eay_get_x509subjectaltname() a few lines above.
> > The value of altname is a network-order four-byte IP address,
> > but getaddrinfo() (at least, on FreeBSD 4.9) accepts only strings
> > in dot notation as its first argument.
>
> when i wrote the code to get the subjectAltName from the cert
> by using the openssl function, the function returned the string of
> the subjectAltName even when the type is IP address.
> so i wrote converting the string to the binary when the type is IP
> address. do you know that the API was changed ?
>
> Or i suspect the value of the subjectAltName in your certificate.
> could you show me the certificate "hci-cert.pem" when you tested ?
>
>
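The mismatch discussed in this thread, as an added example that is not part of the original message and is not racoon's code: a four-byte network-order subjectAltName IP address handed to getaddrinfo() as its node argument is rejected, while the same bytes rendered as text with inet_ntop() parse cleanly. The helper names are hypothetical, and the address 1.2.3.4 is the sample value from the openssl.cnf line above.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Hypothetical helper: passes the raw address bytes to getaddrinfo() as if
 * they were a host string. AI_NUMERICHOST keeps the call offline (no DNS). */
static int resolve_raw_bytes(const unsigned char *ip, size_t len)
{
    char node[17] = {0};               /* raw bytes plus NUL terminator */
    struct addrinfo hints, *res = NULL;
    int rc;
    if (len > 16) return EAI_FAIL;
    memcpy(node, ip, len);
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST;
    rc = getaddrinfo(node, NULL, &hints, &res);
    if (rc == 0) freeaddrinfo(res);
    return rc;                         /* non-zero: bytes are not dot notation */
}

/* Hypothetical helper: binary address (4 or 16 bytes) -> text -> sockaddr. */
static int san_ip_to_sockaddr(const unsigned char *ip, size_t len,
                              struct sockaddr_storage *out)
{
    char text[INET6_ADDRSTRLEN];
    struct addrinfo hints, *res = NULL;
    int rc, af = (len == 4) ? AF_INET : (len == 16) ? AF_INET6 : -1;
    if (af < 0) return EAI_FAMILY;     /* reject any other length */
    if (inet_ntop(af, ip, text, sizeof(text)) == NULL) return EAI_FAIL;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = af;
    hints.ai_flags = AI_NUMERICHOST;
    rc = getaddrinfo(text, NULL, &hints, &res);
    if (rc != 0) return rc;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    const unsigned char ip[4] = {1, 2, 3, 4};   /* constructed sample */
    struct sockaddr_storage ss;
    printf("raw: %d, converted: %d\n", resolve_raw_bytes(ip, 4),
           san_ip_to_sockaddr(ip, 4, &ss));
    return 0;
}
```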