[Openswan Users] Openswan 2.1.1 not sending certificates
Andreas Steffen
andreas.steffen at strongsec.net
Thu Apr 1 00:05:56 CEST 2004
Yes, I know. My X.509 code in openswan-2.x.x was mutilated by the
Openswan team so that a certificate request will never be sent.
In ipsec_doi.c you'll find the hardcoded statement

    bool send_cr = FALSE;

This is exactly the reason why I decided to launch the
strongSwan project. I didn't want to compare thousands of my own
code lines in order to find out what had been changed during
the merge into openswan-2.x.x.

Regards

Andreas

Paul Wouters wrote:
> This message was discarded by mailman.
>
> Paul
>
>
> ------------------------------------------------------------------------
>
> Subject: Openswan 2.1.1 not sending certificates
> From: Marcus Better <marcus at dactylis.com>
> Date: Wed, 31 Mar 2004 18:38:15 +0200
> To: users at lists.openswan.org
>
>
> Hi,
>
> I have a setup with X.509 certificates between Linux clients and an
> OpenBSD security gateway. It works with FreeS/WAN 2.05 with the X.509
> patch, but does not work with Openswan 2.1.1.
>
> I am attaching the Pluto debug output from both versions. Everything
> looks identical up to the point where FreeS/WAN Pluto sends the "ISAKMP
> Certificate Payload". Openswan never sends this.
>
> The attached ipsec.conf and Pluto output have been slightly scrubbed for
> sensitive information, but should be sufficient to see what is going on.
>
> Did I miss any change of behaviour in Pluto or the X.509 handling?
>
> Thanks,
>
> Marcus
>
>
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===