<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Mar 3, 2013 at 12:29 PM, Tuomo Soini <span dir="ltr"><<a href="mailto:tis@foobar.fi" target="_blank">tis@foobar.fi</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">On Wed, 27 Feb 2013 12:51:54 -0500 (EST)<br>
Paul Wouters <<a href="mailto:pwouters@redhat.com">pwouters@redhat.com</a>> wrote:<br>
<br>
> On Wed, 27 Feb 2013, T.J. Yang wrote:<br>
><br>
> > Anyway to silence the following errors ? For a basic PSK setup with<br>
> > certificate creation, following error messages in pluto log file.<br>
> ><br>
> > Could not change to directory '/etc/ipsec.d/cacerts': No such file<br>
> > or directory Could not change to directory '/etc/ipsec.d/aacerts':<br>
> > No such file or directory Could not change to directory<br>
> > '/etc/ipsec.d/crls': 2 No such file or directory<br>
<br>
</div><div class="im">> I think we do need the crls one because we _do_ real CRLs from there.<br>
> I don't think we read AAcerts at all. I am not sure if we still take<br>
> CAcerts outside of the NSS db?<br>
<br>
</div>Directory crls is used and needed.<br>
<br>
So is cacerts - that's where from we load 3rd party cacerts for<br>
veryfying remote certificates. That all works. Our own cacert is in<br>
nss db when imported from pkcs12 bundle.<br>
<br>
I don't know any use for aacerts currently.<br>
<br>
Make install does generates all these directories.<br>
<br>
I'd like to know how was libreswan installed because make programs<br>
install does generate these dirs.<br><span class=""><font color="#888888"><br></font></span></blockquote><div><br></div><div style> It was installed using yum command from </div><div style>baseurl=<a href="http://download.libreswan.org/binaries/rhel/$releasever/$basearch/">http://download.libreswan.org/binaries/rhel/$releasever/$basearch/</a>.<br>
</div><div style><br></div><div style>Looks like libreswan.spec can be modified to mkdir those missing directories from "install -d" command like followings</div><div style><br></div><div style><div>[tjyang@centos631 rhel]$ grep "install -d" libreswan.spec</div>
<div>install -d -m 0700 %{buildroot}%{_localstatedir}/run/pluto</div><div>install -d -m 0700 %{buildroot}%{_localstatedir}/log/pluto/peer</div><div>install -d %{buildroot}%{_sbindir}</div><div>[tjyang@centos631 rhel]$</div>
<div><br></div></div><div style><br></div><div style>tj</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><font color="#888888">
--<br>
Tuomo Soini <<a href="mailto:tis@foobar.fi">tis@foobar.fi</a>><br>
Foobar Linux servicesneed to be fixed.</font></span> </blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span class=""><font color="#888888">
<a href="tel:%2B358%2040%205240030" value="+358405240030">+358 40 5240030</a><br>
Foobar Oy <<a href="http://foobar.fi/" target="_blank">http://foobar.fi/</a>><br>
</font></span><div class=""><div class="h5">_______________________________________________<br>
Swan mailing list<br>
<a href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>T.J. Yang
</div></div>