[Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames
Tony Whyman
tony.whyman at mccallumwhyman.com
Tue Sep 8 16:38:20 UTC 2015
Paul,
That set me on the right track. I was using a simple test CA certificate
which has been around for a long time with a 1024 bit signing key.
Replacing this with a new test CA with a 4096 bit key solved the
authentication problem. Is withdrawal of support for 1024 bit keys
declared anywhere?
There is definitely a bug in the ipsec (import) script when the CA name
has spaces. I have crudely fixed it by amending line 80 to
    certutil -L -d "${IPSEC_NSSDIR_SQL}" | egrep -v 'Certificate|MIME' |
        awk '{$NF=""; print $0}' | awk '{gsub(/^ +| +$/,""); print}' |
        grep -v "^$" | while read -r cert; do
There may be a better way but this seems to remove the trailing white
space that was causing the problem for me.
Tony Whyman
MWA
On 08/09/15 16:06, Paul Wouters wrote:
> Ok, then your issue has not been the update of the nss database. Your
> problem then lies in the fact that we now use NSS for the certificate
> validation instead of the very old freeswan based x509*.c code.
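
The trailing-whitespace problem when extracting nicknames from `certutil -L` output, shown as an added example that is not part of the original message or of libreswan's ipsec script. The listing is a constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `certutil -L` output (not taken from the post).
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Test CA - Example Org                                        CT,C,C
vpn.example.com                                              u,u,u
EOF
}

# Field-based extraction: blank the last field (the trust flags) and print.
# awk rebuilds the record with single spaces, so every line keeps one
# trailing space where the blanked field used to be.
nicknames_by_field() {
    grep -Ev 'Certificate|MIME' | awk 'NF { $NF = ""; print }'
}

# Pattern-based extraction: strip the trailing "x,y,z" trust column plus the
# whitespace around it, leaving spaces inside the nickname untouched.
nicknames_trimmed() {
    grep -Ev 'Certificate|MIME' |
        sed -E 's/[[:space:]]+[A-Za-z]*,[A-Za-z]*,[A-Za-z]*[[:space:]]*$//' |
        grep -v '^[[:space:]]*$'
}

# Count lines ending in whitespace. A non-zero count means an exact
# nickname lookup such as `certutil -L -n "$cert"` can fail to match.
count_trailing_ws() {
    grep -c '[[:space:]]$' || true
}

echo "field-based, lines with trailing space: $(sample_listing | nicknames_by_field | count_trailing_ws)"
echo "trimmed, lines with trailing space:     $(sample_listing | nicknames_trimmed | count_trailing_ws)"
sample_listing | nicknames_trimmed | while IFS= read -r cert; do
    printf '[%s]\n' "$cert"
done
```

Reading with `IFS= read -r` keeps each nickname byte-for-byte, so any whitespace that survives extraction stays visible inside the brackets.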