[Swan] [libreswan] "/etc/ipsec.d/{ca|aa}certs: No such file or directory" after "ipsec setup start" (#2)

T.J. Yang tjyang2001 at gmail.com
Mon Mar 4 17:10:47 EET 2013 

Thanks Tuomo,

Have you push your .spec change yet ? I can't see the changes here
https://github.com/libreswan/libreswan/commits/master


tj


On Sun, Mar 3, 2013 at 11:42 PM, Tuomo Soini <tis at foobar.fi> wrote:

> On Sun, 3 Mar 2013 20:14:37 -0600
> "T.J. Yang" <tjyang2001 at gmail.com> wrote:
>
> > On Sun, Mar 3, 2013 at 12:29 PM, Tuomo Soini <tis at foobar.fi> wrote:
> >
> > > On Wed, 27 Feb 2013 12:51:54 -0500 (EST)
> > > Paul Wouters <pwouters at redhat.com> wrote:
> > >
> > > > On Wed, 27 Feb 2013, T.J. Yang wrote:
> > > >
> > > > > Anyway to silence the following errors ? For a basic PSK setup
> > > > > with certificate creation, following error messages in pluto
> > > > > log file.
> > > > >
> > > > > Could not change to directory '/etc/ipsec.d/cacerts': No such
> > > > > file or directory Could not change to directory
> > > > > '/etc/ipsec.d/aacerts': No such file or directory Could not
> > > > > change to directory '/etc/ipsec.d/crls': 2 No such file or
> > > > > directory
> > >
> > > > I think we do need the crls one because we _do_ real CRLs from
> > > > there. I don't think we read AAcerts at all. I am not sure if we
> > > > still take CAcerts outside of the NSS db?
> > >
> > > Directory crls is used and needed.
> > >
> > > So is cacerts - that's where from we load 3rd party cacerts for
> > > veryfying remote certificates. That all works. Our own cacert is in
> > > nss db when imported from pkcs12 bundle.
> > >
> > > I don't know any use for aacerts currently.
> > >
> > > Make install does generates  all these directories.
> > >
> > > I'd like to know how was libreswan installed because make programs
> > > install does generate these dirs.
> > >
> > >
> >  It was installed using  yum command from
> > baseurl=
> http://download.libreswan.org/binaries/rhel/$releasever/$basearch/.
>
> This has been fixed in git. Problem wasn't about creating those
> dirs, installer does that, dirs just weren't packaged.
>
> --
> Tuomo Soini <tis at foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>



-- 
T.J. Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130304/db584f7f/attachment.html>

More information about the Swan mailing list