diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-05-24 03:15:38 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-05-24 03:15:38 +0000 |
| commit | aff30522d27ab357e30b25cc4e71d37770cab4e9 (patch) | |
| tree | bd282ee6ccced171678824ec06cf154a30899cd0 /sbin | |
| parent | 0630146c228b8ba11316c38fba0e53270064e2ae (diff) | |
Match the IDs without checking the ASN1 length field, similar to how
we do things in x509.c --- this should solve some problems with
certificate-based authentication not working.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/isakmpd/ike_auth.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index bfdcfde757a..03db1a74d43 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.39 2001/04/09 12:34:37 ho Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.40 2001/05/24 03:15:37 angelos Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -693,7 +693,8 @@ rsa_sig_decode_hash (struct message *msg) id_found = 0; for (i = 0; i < n; i++) if (id_cert_len[i] == id_len - && memcmp (id, id_cert[i], id_len) == 0) + && id[0] == id_cert[i][0] + && memcmp (id + 4, id_cert[i] + 4, id_len - 4) == 0) { id_found++; break; |