[Openswan Users] openswan-2 cvs x509 troubles
mcr at sandelman.ottawa.on.ca
Mon Apr 26 03:35:51 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Ken" == Ken Bantoft <ken at xelerance.com> writes:
Ken> Update to latest CVS... mcr commited a slew of changes for
Ken> X.509 policies tonight. They will probably fix this...
>> Further debugging of my "no RSA public key known" problem.
Latest CVS can say:
ifasked means to send the certificate if the other end asks. There was
a bug with leftsendcert=always that is now fixed.
At present the problem still seems to me that the certificate request
is not being sent when I want it to. I don't want to send it by
It was turned off by default because it seemed to cause problems for
Rule #1 - new code is always suspect when it causes old things to break.
Rule #2 - code without test cases gets disabled.
In CVS head, if you set leftca="..." on the gateway, then a CR for
that CA will be sent, and the certificates will get transfered. (test
Sending leftca=%any ought to alwo work as well, but does not at this
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Users