Two authentication errors within a verify_x509cert() function allows for malicious people to bypass security restrictions. Affected products include: superfreeswan 1.x, openswan 1.x to 2.x, strongSwan below 2.1.3, and any version of FreeS/WAN 1.x or 2.x with the X.509 patch.
253023ac78a99200fa4a578eb2c552042b67862d2e97d6c8f5ec337c052c25e6