Your message dated Sun, 18 Sep 2016 12:20:41 +0000
with message-id <e1blb5n-000709...@franck.debian.org>
and subject line Bug#835095: fixed in strongswan 5.5.0-2
has caused the Debian Bug report #835095,
regarding strongswan-nm: doesn't use the system CA store
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
835095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835095
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: strongswan-nm
Version: 5.4.0-3
Severity: minor
Tags: patch

Hi,

When no certificate is specified in a network-manager's strongswan vpn
connection, charon-nm looks for CAs in a directory set at
compile-time, nm-ca-dir. This, however, by default makes it look for
certificates in /usr/share/ca-certificates instead of the expected
dir,  /etc/ssl/certs.

Attached patch makes charon-nm default to using /etc/ssl/certs.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
From c3c8ac9a2bbbf60d4cbcbb60668ce5c1c41c6997 Mon Sep 17 00:00:00 2001
From: Raphael Geissert <geiss...@debian.org>
Date: Mon, 22 Aug 2016 14:20:26 +0200
Subject: [PATCH] make charon-nm use /etc/ssl/certs when no endpoint cert or
 CA is specified

---
 debian/rules |    1 +
 1 file changed, 1 insertion(+)

diff --git a/debian/rules b/debian/rules
index f1c30b1..571bd37 100755
--- a/debian/rules
+++ b/debian/rules
@@ -48,6 +48,7 @@ ifeq ($(DEB_BUILD_ARCH_OS),linux)
 	# only enable network-manager and capabilities dropping on linux hosts
 	# some plugins are linux-only too
 	CONFIGUREARGS += --enable-nm \
+		--with-nm-ca-dir=/etc/ssl/certs \
 		--with-capabilities=libcap \
 		--enable-farp \
 		--enable-dhcp \
-- 
1.7.10.4


--- End Message ---
--- Begin Message ---
Source: strongswan
Source-Version: 5.5.0-2

We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 835...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Sep 2016 13:47:41 +0200
Source: strongswan
Binary: strongswan libstrongswan libstrongswan-standard-plugins 
libstrongswan-extra-plugins libcharon-extra-plugins strongswan-starter 
strongswan-libcharon strongswan-charon strongswan-ike strongswan-nm 
strongswan-ikev1 strongswan-ikev2 charon-cmd strongswan-pki 
strongswan-scepclient strongswan-swanctl charon-systemd
Architecture: source
Version: 5.5.0-2
Distribution: unstable
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-de...@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description:
 charon-cmd - standalone IPsec client
 charon-systemd - strongSwan IPsec client, systemd support
 libcharon-extra-plugins - strongSwan charon library (extra plugins)
 libstrongswan - strongSwan utility and crypto library
 libstrongswan-extra-plugins - strongSwan utility and crypto library (extra 
plugins)
 libstrongswan-standard-plugins - strongSwan utility and crypto library 
(standard plugins)
 strongswan - IPsec VPN solution metapackage
 strongswan-charon - strongSwan Internet Key Exchange daemon
 strongswan-ike - strongSwan Internet Key Exchange daemon (transitional package)
 strongswan-ikev1 - strongSwan IKEv1 daemon, transitional package
 strongswan-ikev2 - strongSwan IKEv2 daemon, transitional package
 strongswan-libcharon - strongSwan charon library
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-pki - strongSwan IPsec client, pki command
 strongswan-scepclient - strongSwan IPsec client, SCEP client
 strongswan-starter - strongSwan daemon starter and configuration file parser
 strongswan-swanctl - strongSwan IPsec client, swanctl command
Closes: 835095 838194
Changes:
 strongswan (5.5.0-2) unstable; urgency=medium
 .
   * debian/rules:
     - add patch from Raphaƫl Geissert to use /etc/ssl/certs instead of
       /usr/share/ca-certificates for strongswan-nm.             closes: #835095
     - update argument name for dh_strip dbgsym migration
   * debian/control:
     - update debhelper dependency to a version which supports dbgsym
       migration.
   * debian/patches:
     - 05_network-manager-strongswan-1.4 added, backport two upstream patches
       to support network-manager-strongswan 1.4 in charon-nm.   closes: #838194
Checksums-Sha1:
 8c15a7b9e4ed5426e1a5b83396f7e2747e8ba0af 3239 strongswan_5.5.0-2.dsc
 918672c6df512032b27af735e8800ae675372627 122064 
strongswan_5.5.0-2.debian.tar.xz
Checksums-Sha256:
 2f0cc0cc1dc0f4badc511c00c49499a0b02c8043eeee2fe9b5dd6bfd9e41216e 3239 
strongswan_5.5.0-2.dsc
 015a12e3dde32970320b00c82c000c873ff3f945212b37b9e7d38b9d1cf6932b 122064 
strongswan_5.5.0-2.debian.tar.xz
Files:
 646378d9a38352c41e9cae5ceadf359e 3239 net optional strongswan_5.5.0-2.dsc
 b28ae10f33486fe0c460693f2be2d249 122064 net optional 
strongswan_5.5.0-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJX3oQTAAoJEG3bU/KmdcClq6YH/jwV3O5B69OI6+Bhd/Kvek1V
N2wqlGa8l4uBon11TEHV2+PFirsi7pqYqH8iwIvOIM88Yo+cxd6Cv81lQozHi8if
22fhDNnay3vB1UjGKl7ce7KZguoC4QvpLELFmqxDUvNlS7RgjCkoLxAKZX93vCjq
qpl0/fOf5fJMKdCjggtIhzw2Rr2lMbkXNgqiGBt9q2yCWXr4UwXuZ25UHMCYkYg7
zdOT/Y05bks0V1vRXWhRpeHltjXIhbg4LckscuicL6QpV4uw2jp7zzd4tM6G1rr6
CxJVZvY2qv5yklTSP1FBA13Aeo1tzcKcSKlt0xUgyjWBr6GiAZL3gRufRepfZuY=
=lgP0
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to