[Openswan Users] CERTREQ and ipsec.conf

Paul Wouters paul at xelerance.com
Wed Aug 17 17:23:46 CEST 2005


On Wed, 17 Aug 2005, david wrote:

> I want to add a "certificate request" on the message of the Responder, like this:

> the source code corresponding is present in the file
> openswan/programs/pluto/ipsec_doi.c
>
> but it seems to me that by default it is not used (?)
> So is there a way to activate it with the ipsec.conf file ?

Do you mean:

        leftsendcert  This option configures when Openswan will send X.509 cer-
                      tificates to  the  remote  host.  Acceptable  values  are
                      yes|always  (signifying that we should always send a cer-
                      tificate), ifasked (signifying that we should send a cer-
                      tificate  if  the  remote  end asks for it), and no|never
                      (signifying that we will never send a X.509 certificate).
                      The  default  for  this option is ifasked which may break
                      compatibility with other vendors IPSec  implementations,
                      such  as Cisco and SafeNet. If you find that you are get-
                      ting errors about no ID/Key found, you likely need to set
                      this to always.

> I don't know if I should better post this to the dev mailing list so ....

If this does not answer your question, please do.

Paul
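
The leftsendcert option quoted above, placed in a connection definition. This is an added example, not part of the original message or of the Openswan sources; the connection name, addresses, certificate file name and peer DN are constructed placeholders.

```conf
# ipsec.conf fragment (constructed example; all names and addresses are placeholders)
conn example-x509
    # Local end: authenticate with an X.509 certificate
    left=192.0.2.1
    leftcert=gateway-cert.pem
    leftrsasigkey=%cert
    # leftsendcert values, per the man page text quoted above:
    #   yes|always  always send our certificate
    #   ifasked     send it only if the peer asks for it (the default)
    #   no|never    never send it
    # Set to always when the peer logs "no ID/Key found" errors,
    # as can happen with other vendors' implementations.
    leftsendcert=always

    # Remote end: its public key is taken from the certificate it sends
    right=198.51.100.2
    rightid="C=XX, O=Example, CN=peer.example"
    rightrsasigkey=%cert

    authby=rsasig
    auto=add
```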

