[Openswan Users] Openswan's userland tools vs. IPsec-Tools ?

Paul Wouters paul at xelerance.com
Thu Oct 28 22:52:28 CEST 2004

On Thu, 28 Oct 2004, Jacco de Leeuw wrote:

> I don't mean to troll, but are you saying that KAME/ipsec-tools have NOT been
> written with security in mind?

Not as pedantic as the freeswan people. People from the old freeswan team had
been part of the ansi C committee :) (you gotta love the passert()'s :)

Seriously, if you check out the CVE entries for Racoon, it doesn't make you
happy. Really huge bugs have been found by Ralf Spenneberg that have been in
there for years.

freeswan/openswan only has had security issues with the X.509 code (ca-cert
signature path verification and ASN.1 parser problems) and one netlink
issue (which was really a kernel bug, but exploitable through the netlink


More information about the Users mailing list