[Openswan Users] Apple macOSX 10.4.3: success!

Paul Wouters paul at xelerance.com
Tue Nov 15 01:55:13 CET 2005


On Mon, 14 Nov 2005, Jacco de Leeuw wrote:

> The certificates GUI is indeed missing on Panther (10.3.x) but I was
> referring to earlier versions of Tiger (10.4.0 - 10.4.2). If I remember
> correctly, these versions do have the 'Select certificate' button.

Oops right. Well people with 10.4.[012] can upgrade for free and should.

> > The GUI allows you to unlock those keychains as well. So it should still be
> > possible to do through the GUI. Open Keychain Access.app and on the far left
> > bottom corner you see a 'show keychains' option. Then you should be able to
> > see (and unlock) the System keychain.
>
> Believe me, I tried. I cannot get it to work as advertised. I get the
> CL_INVALID_FIELD_POINTER error.

Ok, next week I will try :)

> > > I guess the only remaining problem is the bug in Apple's racoon where they
> > > swapped the NAT-D hashs: http://bugs.xelerance.com/view.php?id=462
> > > Peter Van der Beken made a workaround but it is not in the recently
> > > released Openswan 2.4.2.
> >
> > It is broken.
>
> The workaround is broken? Or do you mean Apple's racoon? Openswan 2.4.2?

Yes, the workaround is broken. It is reported to break when there is no
nat. Ou rtest results also showed other strange behaviour with nat-t tests
failing, hence the overhaul of the code to fix that.

Paul


More information about the Users mailing list