[Swan] moving from openswan to libreswan
Fisher Kernel
fisherkernel at gmail.com
Tue Oct 7 23:05:43 EEST 2014
Hi!
First timer on the list so, first of all, thanks for libreswan!
You guys are doing a wonderful job.
I'm currently in the process of moving from openswan to libreswan
and wanted to share three notes from my log book.
1) whack rereadall doesn't reload nss certificates.
This has been brought up before:
https://lists.libreswan.org/pipermail/swan/2014/000707.html
As the previous author this is something I'm also interested in.
2) crl verification needs curl.
I have my crls in the crls folder.
I compiled without curl and noticed that crl verification didn't happen.
>From what I remember, things looked good from the logs.
No sign that verification was off.
But in verify_x509cert there is an ifdef around verify_by_crl.
#if defined(LIBCURL) || defined(LDAP_VER)
3) missing git tag v3.10.
Can there be one for 3.11?
Regards,
-- fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20141007/6f599880/attachment.html>
More information about the Swan
mailing list