[Swan] [libreswan] "/etc/ipsec.d/{ca|aa}certs: No such file or directory" after "ipsec setup start" (#2)

T.J. Yang tjyang2001 at gmail.com
Mon Mar 4 04:14:37 EET 2013 

On Sun, Mar 3, 2013 at 12:29 PM, Tuomo Soini <tis at foobar.fi> wrote:

> On Wed, 27 Feb 2013 12:51:54 -0500 (EST)
> Paul Wouters <pwouters at redhat.com> wrote:
>
> > On Wed, 27 Feb 2013, T.J. Yang wrote:
> >
> > > Anyway to silence the following errors ? For a basic PSK setup with
> > > certificate creation, following error messages in pluto log file.
> > >
> > > Could not change to directory '/etc/ipsec.d/cacerts': No such file
> > > or directory Could not change to directory '/etc/ipsec.d/aacerts':
> > > No such file or directory Could not change to directory
> > > '/etc/ipsec.d/crls': 2 No such file or directory
>
> > I think we do need the crls one because we _do_ real CRLs from there.
> > I don't think we read AAcerts at all. I am not sure if we still take
> > CAcerts outside of the NSS db?
>
> Directory crls is used and needed.
>
> So is cacerts - that's where from we load 3rd party cacerts for
> veryfying remote certificates. That all works. Our own cacert is in
> nss db when imported from pkcs12 bundle.
>
> I don't know any use for aacerts currently.
>
> Make install does generates  all these directories.
>
> I'd like to know how was libreswan installed because make programs
> install does generate these dirs.
>
>
 It was installed using  yum command from
baseurl=http://download.libreswan.org/binaries/rhel/$releasever/$basearch/.

Looks like libreswan.spec can be modified to mkdir those missing
directories from "install -d" command like followings

[tjyang at centos631 rhel]$ grep "install -d"  libreswan.spec
install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto
install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer
install -d %{buildroot}%{_sbindir}
[tjyang at centos631 rhel]$


tj

> --
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux servicesneed to be fixed.

+358 40 5240030
> Foobar Oy <http://foobar.fi/>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>



-- 
T.J. Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130303/fbfa1115/attachment.html>

More information about the Swan mailing list