Hi Totti, > Ok, but would the fallback from asn.1 to plain string then make sense?
The idea is good, but... > id = identification_create_from_encoding(ID_DER_ASN1_DN, data); This constructor does not do any parsing or verifying. The (assumed) ASN.1 encoding is just copied. The data will only get parsed as DN once the identity is compared or printed. But I guess we could add an additional verification step to the from_data() constructor. I pushed a possible fix to the dn-from-data branch [1]. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/dn-from-data
