[Swan] Wildcards in rightid DistinguishedName
Wewegama, Kavinda
Kavinda.Wewegama at forcepoint.com
Fri Feb 12 20:23:41 UTC 2021
There is a known issue involving RDN wildcard matching: https://github.com/libreswan/libreswan/issues/335
-Kavinda
> -----Original Message-----
> From: Swan <swan-bounces at lists.libreswan.org> On Behalf Of Manfred
> Sent: Friday, February 12, 2021 11:29 AM
> To: swan at lists.libreswan.org
> Subject: EXTERNAL: [Swan] Wildcards in rightid DistinguishedName
>
> Following the example in:
>
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2#ipsec.conf_for_IKEv2_Machine_Certificate_VPN_server
>
> where it says:
>
> > # optional rightid with restrictions
> > # rightid="C=CA, L=Toronto, O=Libreswan Project, OU=*, CN=*, E=*"
>
> I see that wildcards are allowed, but using "... CN=*.example.com" fails to
> match "... CN=test.example.com"
>
> As far as I can see only rightid="... CN=test.example.com" or rightid="...
> CN=*" may be used to match this DNS name.
>
> Is there any way to match partial wildcards for DN components?
>
> Thanks in advance for any clarification.
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
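
Added example, not part of the original messages and not libreswan's code: a simplified Python model of the matching behaviour reported in this thread (an RDN value of exactly "*" matches anything, any other value is compared literally), usable to check a candidate rightid against a peer DN before deploying it. The same-count, same-order and exact-string rules, the function names and the sample peer DN are assumptions made for the illustration.

```python
# Simplified model of the rightid DN matching reported in the thread.
# Assumptions (not taken from libreswan's source): RDNs must appear in the
# same number and order, and values are compared as exact strings.

def parse_dn(dn):
    """Split 'C=CA, O=Org, CN=name' into [(type, value), ...].
    Assumes values contain no escaped or quoted commas."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def dn_matches(pattern, peer_dn):
    """True if peer_dn satisfies pattern under the modelled rules."""
    pat, peer = parse_dn(pattern), parse_dn(peer_dn)
    if len(pat) != len(peer):
        return False
    for (p_attr, p_val), (d_attr, d_val) in zip(pat, peer):
        if p_attr != d_attr:
            return False
        if p_val == "*":          # whole-value wildcard: accept any value
            continue
        if p_val != d_val:        # '*.example.com' is only a literal here
            return False
    return True

def partial_wildcards(pattern):
    """RDNs that contain '*' but are not exactly '*'; under the modelled
    rules these never act as wildcards and deserve a config review."""
    return [f"{a}={v}" for a, v in parse_dn(pattern) if "*" in v and v != "*"]

# Constructed sample data: the wiki pattern quoted above and a made-up peer DN.
BASE = "C=CA, L=Toronto, O=Libreswan Project, OU={ou}, CN={cn}, E={e}"
PEER = BASE.format(ou="VPN", cn="test.example.com", e="admin@example.com")
WIKI = BASE.format(ou="*", cn="*", e="*")
PARTIAL = BASE.format(ou="*", cn="*.example.com", e="*")
EXACT = BASE.format(ou="*", cn="test.example.com", e="*")

if __name__ == "__main__":
    for name, pat in (("wiki", WIKI), ("partial", PARTIAL), ("exact", EXACT)):
        print(name, dn_matches(pat, PEER), partial_wildcards(pat))
```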