[Openswan Users] openswan 2.1.0rc1 and crls

Desai, Jason jase at sensis.com
Tue Mar 9 11:16:14 CET 2004


Hello.  I have been trying to get IPSec/L2TP working from my Pocket PC to a
linux server.  I have been able to get this to work using FreeSwan.  But I
cannot get this working when the Pocket PC is NATed.  So, I am trying to use
openswan 2.1, which has support for NAT-T.

I am having trouble just getting pluto to run.  It core dumps on me right
after loading my crl.  If I move my crl to a different directory, pluto will
start fine, but complains about not being able to load a crl for my ca when
I try to connect.  I think the crl file is fine.  Does anyone have any
suggestions?

Thanks in advance for any help.

Jason Desai

Some info:

# openssl crl -in /etc/ipsec.d/crls/Sensis2-crl.pem -noout -text
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: /C=US/ST=New York/L=DeWitt/O=Sensis Corporation/CN=Sensis Certificate Authority 2/Email=ca at sensis.com
        Last Update: Mar  9 15:52:03 2004 GMT
        Next Update: Apr  8 15:52:03 2004 GMT
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Sep 30 17:24:29 2003 GMT
    Serial Number: 03
        Revocation Date: Sep 30 18:35:53 2003 GMT
    Serial Number: 04
        Revocation Date: Sep 30 18:34:40 2003 GMT
    Signature Algorithm: md5WithRSAEncryption

# cat /etc/ipsec.d/crls/Sensis2-crl.pem

# gdb /root/openswan-2.1.0rc1/programs/pluto/pluto /etc/ipsec.d/crls/core
GNU gdb 2002-04-01-cvs
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...
Core was generated by `/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipse'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libgmp.so.3...done.
Loaded symbols for /usr/lib/libgmp.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x400bf356 in malloc () from /lib/libc.so.6
(gdb) bt
#0  0x400bf356 in malloc () from /lib/libc.so.6
#1  0x400bf074 in malloc () from /lib/libc.so.6
#2  0x08053386 in alloc_bytes (size=92, name=0x80ab125 "x509crl") at defs.c:209
#3  0x080853a3 in insert_crl (blob=
      {ptr = 0x80cabb0 "0\202\002\e0\202\001\0030\r\006\t*\206H\206÷\r\001\001\004\005", len = 543}, crl_uri=
      {ptr = 0x80cb308 "file:///etc/ipsec.d/crls/Sena", len = 26})
    at x509.c:1640
#4  0x080857f1 in load_crls () at x509.c:1776
#5  0x08058734 in main (argc=8, argv=0xbffffb54) at plutomain.c:639
(gdb)

