[Swan-dev] authenticated by RSA public key 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing at libreswan.org' using SHA2_512
Paul Wouters
paul at nohats.ca
Sun Feb 28 17:21:53 UTC 2021
- Previous message (by thread): [Swan-dev] authenticated by RSA public key 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing at libreswan.org' using SHA2_512
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
On Sat, 27 Feb 2021, Andrew Cagney wrote:
> I'm getting ready to push a change in how authentication is logged.
> The long term objective is to get the authentication down to a single
> line (perhaps per-auth method allowed?).
Sounds good.
> -> I'll probably reword it so that <hash> comes earlier in the
> possibly very long log line
ok.
> -> it should probably include "local" or "remote" to indicate where
> the cert came from
The term local/remote might not make it clear whether it is identifying
the local/remote or whether the cert is configured locally or received
from the remote ? Maybe use "locally configured cerficiate" and "received
remote certificate" ? But that is using a lot of characters. Maybe
"received peer certificate"
> -> is anything missing?
Nothing comes to mind.
> +003 "ikev1-aggr-failtest" #3: RSA signature check for '@east-v1'
> failed, tried preloaded certs: *000000000(length)
>
> -> I'm not sure if "(length)" is helpful or not, it could be made longer?
I don't think so.
> -> I'm going to rename "preloaded" to "local"
Again that might be confusing people to think you tried to verify the
peer using a certificate for the local endpoint, versus verifying the
peer using a locally stored certificate". Maybe "preconfigured", or
"locally stored" ?
Paul
- Previous message (by thread): [Swan-dev] authenticated by RSA public key 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east at testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing at libreswan.org' using SHA2_512
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Swan-dev
mailing list