[Openswan Users] ANNOUNCE: add-on patches for freeswan-2.04-x509-1.5.0

Andreas Steffen andreas.steffen at strongsec.net
Wed Feb 4 16:40:57 CET 2004

openswan-2.0.0 is still based on freeswan-2.04 and x509-1.4.8, only.
It contains no additional features such as AES support or NAT-Traversal.

Two weeks ago I released my newest patch x509-1.5.0 available from


which now supports the Online Certificate Status Protocol (OCSP).

Since most people need either AES or NAT-T or even both patches
I have released fixed versions of JuanJo Ciarlante's and Mathieu Lafon's
patches that can be added to my latest x509 release.

JuanJo Ciarlante <jjo-ipsec at mendoza.gov.ar> has written a number of
patches for the AES, Twofish, Blowfish, and Serpent encryption
algorithms that can be used by IKE and IPsec ESP. Runs with KLIPS
under Linux 2.4 as well as under the native Linux 2.6 IPsec stack.


Mathieu Lafon <mlafon at arkoon.net> has implemented NAT-T traversal
and the support of informative notification messages. Both patches
adapted for freeswan-2.04-x509-1.5.0 can be downloaded here:



Unfortunately the algo patch cannot be installed on top of the NAT-T patch
or vice versa due to some header file conflict caused by union hash_ctx
defined in crypto.h. I had a look at the problem yesterday but could
not solve it yet.

These patches are an interim solution for people who want to start
using the latest X.509 features *now*. I hope that openswan-2.x.x will
catch up quickly so that these patches will become obsolete.

Kind regards


Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
