[Openswan dev] Bug#571133: openswan: pluto seems to ignore rightid if rightcert is set to missing file

Harald Jenny harald at a-little-linux-box.at
Sun Aug 22 06:04:40 EDT 2010

On Sun, Aug 22, 2010 at 12:53:12PM +0300, Tuomo Soini wrote:
> Paul Wouters wrote:
> > On Thu, 19 Aug 2010, Harald Jenny wrote:
> > I don't think it would hurt. But we're still looking at why an incorrectly
> > configured configuration that happened to work, "broke".
> > 
> > The check could be changed to see if dst->id.kind is loaded with "%fromcert"
> > before clearing it.
> This cleaning up was added to fix pluto crash with leftid=%fromcert and
> invalid or missing certificate in leftcert=.

Hmmm so there are two ways to clean up this situation: First is to allow a
leftid to be set if it's not %fromcert also when leftcert is missing, the
other is to make it clear in the error message that leftid is unset due to
the missing cert file. Which one does make more sense to you Tuomo?

> -- 
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>

More information about the Dev mailing list