Hi Alex,

> Jun 29 13:49:12 06[LIB] <x509-certs-ikev2|1> executing MySQL statement
> failed: Duplicate entry
> '9-0\x81\x881\x1D0\x1B\x06\x03U\x04\x03\x0C\x14sumvis...@york.ac.' for key
> 'type'

That shouldn't happen as right before that insert there is a query that should return the identity inserted previously (see [1]). The reason why that's not the case here is the short default length of the `data` column in the `identities` table (64 bytes). Because the binary ASN.1 encoding of the client certificate's subject DN (CN=sumvis...@york.ac.uk, O=University of York, OU=IT Services, L=York, ST=North Yorkshire, C=GB) is 139 bytes long, it gets cut off. Which means the lookup fails (the shortened value in the table does not match the actual identity), however, when inserting the value again the same shortened entry already exists, causing this constraint failure.

So either change the length of the data field in the database table, or use shorter identities (e.g. sumvis...@york.ac.uk if that's contained in a subjectAlternativeName extension in the certificate).

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/attr_sql/attr_sql_provider.c;h=33d9f99fcdccbfde02e97061bd2fe7ff5942d7e5;hb=HEAD#l58
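
The failure sequence described in the message above, as an added Python sketch (not part of the original message and not strongSwan code). It DER-encodes a DN of the same shape and replays lookup-then-insert against a toy table that cuts `data` to the column length. Assumptions: the CN is a constructed 20-character placeholder, all values are encoded as UTF8String, and `IdentitiesTable` and `get_identity` are hypothetical names.

```python
# Added illustration, not strongSwan code. The CN is a constructed 20-character
# placeholder; the other RDN values are the ones quoted in the message.
OIDS = {"CN": "2.5.4.3", "O": "2.5.4.10", "OU": "2.5.4.11",
        "L": "2.5.4.7", "ST": "2.5.4.8", "C": "2.5.4.6"}

def tlv(tag, content):
    """DER tag-length-value with short or long form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_dn(rdns):
    """Encode [(attr, value), ...] as an X.501 Name (UTF8String values assumed)."""
    out = b""
    for attr, value in rdns:
        arcs = [int(a) for a in OIDS[attr].split(".")]
        oid = bytes([arcs[0] * 40 + arcs[1]] + arcs[2:])  # all arcs here are < 128
        out += tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, value.encode())))
    return tlv(0x30, out)

class IdentitiesTable:
    """Toy stand-in for the identities table: unique (type, data), data cut on store."""
    def __init__(self, data_len):
        self.data_len, self.rows = data_len, {}
    def lookup(self, id_type, data):
        return self.rows.get((id_type, data))        # compares the full value
    def insert(self, id_type, data):
        key = (id_type, data[:self.data_len])        # modelled column truncation
        if key in self.rows:
            raise KeyError("Duplicate entry for key 'type'")
        self.rows[key] = len(self.rows) + 1
        return self.rows[key]

def get_identity(table, id_type, data):
    """Look up first, insert only on a miss (the sequence the message describes)."""
    row = table.lookup(id_type, data)
    return row if row is not None else table.insert(id_type, data)

DN = der_dn([("CN", "user0001@example.org"), ("O", "University of York"),
             ("OU", "IT Services"), ("L", "York"),
             ("ST", "North Yorkshire"), ("C", "GB")])
```

With a 64-byte column the second `get_identity(table, 9, DN)` call raises the duplicate-entry error; with a column of at least `len(DN)` bytes it returns the existing row.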