[Openswan Users] CERTREQ and ipsec.conf
Paul Wouters
paul at xelerance.com
Wed Aug 17 17:23:46 CEST 2005
On Wed, 17 Aug 2005, david wrote:
> I want to add a "certicate request" on the message of the Responder, like this :
> the source code corresponding is present in the file
> openswan/programs/pluto/ipsec_doi.c
>
> but it seems to me that by default it is not used (?)
> So is there a way to activate it with the ipsec.conf file ?
Do you mean:
leftsendcert This option configures when Openswan will send X.509 cer-
tificates to the remote host. Acceptable values are
yes|always (signifying that we should always send a cer-
tificate), ifasked (signifying that we should send a cer-
tificate if the remote end asks for it), and no|never
(signifying that we will never send a X.509 certificate).
The default for this option is ifasked which may break
compatibility with other vendors IPSec implementations,
such as Cisco and SafeNet. If you find that you are get-
ting errors about no ID/Key found, you likely need to set
this to always.
> I don't know if I should better post this to the dev mailing list so ....
If this does not answer your question, please do.
Paul
More information about the Users
mailing list