[Swan] swan-docs
Sergey Mihailov
sergey.mihailov at gmail.com
Fri Sep 30 05:41:53 UTC 2016
2016-09-29 20:01 GMT+03:00 Paul Wouters <paul at nohats.ca>:
There are various tools you can use to generate certificates. openssl,
> or nss's certutil, or xca or tinyCA2, etc etc.
>
> You can find the example code we use to generate our test certficates
> herE:
>
> https://github.com/libreswan/libreswan/blob/master/testing/x
> 509/dist_certs.py
>
Ок. I use lines :
certutil -S -k rsa -c "cacert01" -n "server01" -s "CN=gateway.example.org" \
-v 12 -t "u,u,u" --keyUsage digitalSignature,keyEncipherment --extKeyUsage
serverAuth -8 "gateway.example.org" -d sql:./cert
Its correct ?
> You should be able to omit the rightrsasigkey= line if you are using
> leftcert= already.
>
It's clear.
No i use ( client side )
...
right=gateway.example.org
rightid=%fromcert
rightrsasigkey=%cert
NO WORKS :(
and
use:
right=gateway.example.org
# rightid=%fromcert
rightrsasigkey=%cert
WORKS.
I read manual for ipsec and view :
line rightrsasigkey=%cert exclude line rightid=%fromcert
and see rightid from line right
Its correct ?
> Unfortunately, no. all EAP code is openssl/wpa_supplicant based,
> and libreswan uses NSS. So we have not yet written all the code
> needed for EAP support.
Ok.
Paul
>
Тhanks.
--
mx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160930/736bb86b/attachment.html>
More information about the Swan
mailing list