Re: [Users] x509 and Checkpoint FW-1 NG FP2

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Tue Oct 22 2002 - 23:34:27 CEST


The problem is clearly with Checkpoint's VPN-1 since it always
sends IPV4_ADDR IDs and cannot be configured to send a DER_ASN1_DN
instead. The only correct solution is to put Checkpoint's IP address
as a subjectAltName into the certificate.

Regards

Andreas

Steffen Rohr wrote:
> Hi all,
>
> I can't get a connection between freeswan and Checkpoint FW1 using X.509.
> The problem is that Checkpoint sends IPV4_ADDR but freeswan wants the
> DER_ASN1_DN. I have got the same problem with ssh-sentinel -> Checkpoint.
> It is impossible to add a subject-alternate name to the certificate.
>
> I was looking for an answer and found a mail from Markus Wernig
>
> http://lists.freeswan.org/pipermail/users/2002-March/008604.html
>
> and the problem was solved.
>
>
> Now my questions:
> 1. Is the sequence how to check the four ID types (DER_ASN1_DN, FQDN,
> USER_FQDN, IPV4_ADDR) defined (RFC)?
> 2. Does Checkpoint violate the standard?
> 3. Is there a solution planned for future releases of the X.509 patch?
>
>
> I need this information for my degree dissertation.
>
> Thanks,
> Steffen
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
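
Added example, not part of the original message and not FreeS/WAN's own code: a simplified model of the check discussed above, in which the ID a peer sends must be asserted by its certificate, either as the subject DN or as a subjectAltName of the matching kind. The certificate dictionaries, the sample DN and the address 192.0.2.1 are constructed for illustration, and the DN comparison is a simplified string comparison.

```python
import ipaddress

# ISAKMP identification types named in the thread (numeric values from RFC 2407).
ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, ID_DER_ASN1_DN = 1, 2, 3, 9

# subjectAltName entry kind that can vouch for each non-DN ID type.
SAN_KIND = {ID_IPV4_ADDR: "iPAddress", ID_FQDN: "dNSName", ID_USER_FQDN: "rfc822Name"}


def _norm_dn(dn):
    # Simplified: compare RDNs as case-insensitive strings, ignoring spacing.
    return [rdn.strip().lower() for rdn in dn.split(",")]


def _same(kind, a, b):
    if kind == "iPAddress":
        try:
            return ipaddress.ip_address(a) == ipaddress.ip_address(b)
        except ValueError:
            return False  # a malformed address never matches
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def id_bound_to_cert(id_type, id_value, cert):
    """True if the certificate itself asserts the ID the peer sent."""
    if id_type == ID_DER_ASN1_DN:
        return _norm_dn(id_value) == _norm_dn(cert["subject"])
    kind = SAN_KIND.get(id_type)
    if kind is None:
        return False  # unsupported ID type: fail closed
    return any(k == kind and _same(kind, v, id_value) for k, v in cert.get("san", []))


# Constructed sample certificates (already-parsed view, no real X.509 parsing).
CERT_DN_ONLY = {"subject": "C=DE, O=Example, CN=fw1.example.org", "san": []}
CERT_WITH_IP = {"subject": "C=DE, O=Example, CN=fw1.example.org",
                "san": [("iPAddress", "192.0.2.1")]}

if __name__ == "__main__":
    # The gateway identifies itself by address, as described in the thread.
    print(id_bound_to_cert(ID_IPV4_ADDR, "192.0.2.1", CERT_DN_ONLY))  # no SAN in cert
    print(id_bound_to_cert(ID_IPV4_ADDR, "192.0.2.1", CERT_WITH_IP))  # SAN added
```

The first call models the failing setup from the thread (IPV4_ADDR ID, certificate carrying only a DN); the second models the certificate reissued with the gateway's address as a subjectAltName.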


This archive was generated by hypermail 2.1.5 : Thu Oct 24 2002 - 05:20:31 CEST