[Swan] [libreswan] "/etc/ipsec.d/{ca|aa}certs: No such file or directory" after "ipsec setup start" (#2)
Tuomo Soini
tis at foobar.fi
Mon Mar 4 07:42:30 EET 2013
On Sun, 3 Mar 2013 20:14:37 -0600
"T.J. Yang" <tjyang2001 at gmail.com> wrote:
> On Sun, Mar 3, 2013 at 12:29 PM, Tuomo Soini <tis at foobar.fi> wrote:
>
> > On Wed, 27 Feb 2013 12:51:54 -0500 (EST)
> > Paul Wouters <pwouters at redhat.com> wrote:
> >
> > > On Wed, 27 Feb 2013, T.J. Yang wrote:
> > >
> > > > Anyway to silence the following errors ? For a basic PSK setup
> > > > with certificate creation, following error messages in pluto
> > > > log file.
> > > >
> > > > Could not change to directory '/etc/ipsec.d/cacerts': No such
> > > > file or directory Could not change to directory
> > > > '/etc/ipsec.d/aacerts': No such file or directory Could not
> > > > change to directory '/etc/ipsec.d/crls': 2 No such file or
> > > > directory
> >
> > > I think we do need the crls one because we _do_ real CRLs from
> > > there. I don't think we read AAcerts at all. I am not sure if we
> > > still take CAcerts outside of the NSS db?
> >
> > Directory crls is used and needed.
> >
> > So is cacerts - that's where from we load 3rd party cacerts for
> > veryfying remote certificates. That all works. Our own cacert is in
> > nss db when imported from pkcs12 bundle.
> >
> > I don't know any use for aacerts currently.
> >
> > Make install does generates all these directories.
> >
> > I'd like to know how was libreswan installed because make programs
> > install does generate these dirs.
> >
> >
> It was installed using yum command from
> baseurl=http://download.libreswan.org/binaries/rhel/$releasever/$basearch/.
This has been fixed in git. Problem wasn't about creating those
dirs, installer does that, dirs just weren't packaged.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
More information about the Swan
mailing list