[Openswan Users] CERTREQ and ipsec.conf

david david2005.p at gmail.com
Wed Aug 17 16:27:01 CEST 2005


Hi all,

On my IKE phase 1 authenticated with signatures I ve got this,

Init                                                       Resp
HDR, SA                              --->         
                                           <---         HDR, SA
HDR, KE, Ni                         --->         
                                           <---         HDR, KE, Nr
HDR*, IDii, [ CERT, CERTREQ ] SIG_I     --->
                                           <---         HDR*, IDir, [
CERT ] SIG_R

I want to add a "certicate request" on the message of the Responder, like this :

Init                                                       Resp
HDR, SA                              --->         
                                           <---         HDR, SA
HDR, KE, Ni                         --->         
                                           <---         HDR, KE, Nr, [ CERTREQ ]
HDR*, IDii, [ CERT,  CERTREQ ] SIG_I     --->
                                           <---         HDR*, IDir, [
CERT ] SIG_R

the source code corresponding is present in the file
openswan/programs/pluto/ipsec_doi.c

but it seems to me that by default it is not used (?)
So is there a way to activate it with the ipsec.conf file ?

I don't know if I should better post this to the dev mailing list so ....

rgds , David


More information about the Users mailing list