[Openswan dev] Bug#571133: openswan: pluto seems to ignore rightid if rightcert is set to missing file

Paul Wouters paul at xelerance.com
Thu Aug 19 11:37:47 EDT 2010


On Thu, 19 Aug 2010, Harald Jenny wrote:

> I think I found something:
>
> in programs/pluto/connections.c, line 816
>
>            if(!valid_cert) {
>                whack_log(RC_FATAL, "can not load certificate file %s\n"
>                          , filename);
>                /* clear the ID, we're expecting it via %fromcert */
>                dst->id.kind = ID_NONE;
>                return;
>            }
>
> This is an incorrect assumption because since version 2.5.16 leftid does not
> default anymore to %fromcert. On the other hand it seems that in 2.4.12 the
> leftid value is kept even when no leftcert is present. What implications would
> a removal of
> dst->id.kind = ID_NONE;
> have?

I don't think it would hurt. But we're still looking at why an incorrectly
configured configuration that happened to work, "broke".

The check could be changed to see if dst->id.kind is loaded with "%fromcert"
before clearing it.

Paul
>>
>> Paul
>
> Kind regards
> Harald
>

