[Openswan Users] Openswan doesn't starts because pluto is down
Jorge Jimenez
jorge.jimenez at pross.com
Mon Jan 4 15:26:13 EST 2010
Hi Tuomo,
I try your patch but it ask me for a file, what file?
[root at pross-mon01 tmp]# patch < openswan.git-b451d26f471a5348fa8e2d16d74dace588825ae4.patch
(Stripping trailing CRs from patch.)
can't find file to patch at input line 15
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|From: Tuomo Soini <tis at foobar.fi>
|Date: Tue, 29 Dec 2009 23:16:15 +0000 (+0200)
|Subject: Remove extra sql: from NSS db directory name.
|X-Git-Url: http://git.openswan.org/cgi-bin/gitweb.cgi?p=openswan.git%2F.git;a=commitdiff_plain;h=b451d26f471a5348fa8e2d16d74dace588825ae4
|
|Remove extra sql: from NSS db directory name.
|
|Because of this extra sql: pluto couldn't open nss certificate database.
|---
|
|diff --git a/programs/pluto/plutomain.c b/programs/pluto/plutomain.c
|index 568ffdd..58686bd 100644
|--- a/programs/pluto/plutomain.c
|+++ b/programs/pluto/plutomain.c
--------------------------
File to patch:
Thanks and kind regards
¡Feliz Navidad y Prospero 2010!
Jorge Jiménez Miguélez
Avinguda Diagonal, 605 - 4ª Planta
08028 - Barcelona
Tel.: 902 01 35 34 - Móvil: 669 83 08 76
http://www.pross.com
-----Mensaje original-----
De: Tuomo Soini [mailto:tis at foobar.fi]
Enviado el: lunes, 04 de enero de 2010 20:39
Para: Jorge Jimenez
CC: Ondrej Valousek; users at openswan.org
Asunto: Re: [Openswan Users] Openswan doesn't starts because pluto is down
Jorge Jimenez wrote:
> Hi Ondrej,
>
> "certuil -H" isn't a valid option to certutil in my machine.
> I try:
>
> [root at pross-mon01 ~]# certutil -K
certutil -K -d /etc/ipsec.d
> [root at pross-mon01 ~]# certutil -L
certutil -L -d /etc/ipsec.d
> /var/log/secure contains 3 lines when I try to start ipsec:
>
> Jan 4 19:50:30 pross-mon01 ipsec__plutorun: Starting Pluto subsystem...
> Jan 4 19:50:30 pross-mon01 pluto[3035]: nss directory plutomain:
> sql:/etc/ipsec.d
I just fixed this in git. NSS support had hardcoded requirement for latest NSPR/NSS than el5 has. Fix was to remove hardcoded sql: from nss directory path.
> Jan 4 19:50:30 pross-mon01 pluto[3035]: NSS initialization failed
> (err -8174)
Try attached patch, it should fix your problem.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Users
mailing list