Hello Bill,

pluto chokes when trying to parse the public key contained in the
certificate. I think that no big-number library is available.
Either the gmp or openssl plugin must be loaded. The command

  ipsec statusall

should show one of them. By default the gmp is built which in turn
requires the GNU Multiprecision library.

Regards

Andreas

On 07/03/2010 04:56 AM, William Bloom wrote:
>
> I have a 4.4.0 installation of strongSwan on one RHEL51 box, on which I've
> configured a CA using 'ipsec pki ...' as described on the strongswan online
> docs, as well as on a RHEL46 box which attempts to establish a VPN to a Cisco
> ASA. I generated RSA 2048 keys for the CA and the client, self-signed a new
> CA cert which I then used to issue a cert for the client. All
> straightforward. I installed the CA cert and client cert/key on the client,
> leaving everything in DER format. Pluto opens these files and progresses
> nominally, at first, with the parse and then appears to choke at the point of
> 'subjectPublicKeyInfo'. With 'plutodebug=all', the following appears in
> /var/log/secure...
>
> L2 - subjectPublicKeyInfo:
> --
> --
> -- < --
>
> 002 error in X.509 certificate
>
> Yet 'openssl x509 -in cacert.der -inform DER -text -noout' parses the cert
> successfully and reports the subject public key properly. Might there be a
> DER problem, should I try PEM (it seems unlikely, I know)?
>
>
> Bill

--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
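The check suggested in the reply above, as an added example that is not part of the original thread or of strongSwan: a POSIX shell filter that reads `ipsec statusall` output and reports whether the gmp or openssl plugin is loaded. It assumes the output carries a `loaded plugins:` line with space-separated names; both sample outputs, including the connection name `openssl-test`, are constructed.

```shell
#!/bin/sh
# Constructed sample outputs, not captured from a real system.
# Assumption: statusall prints a "loaded plugins:" line of space-separated names.
SAMPLE_MISSING='000 Status of IKEv1 pluto daemon (strongSwan 4.4.0):
000 interface lo/lo 127.0.0.1:500
000 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pem hmac
000 debug options: all
000 "openssl-test": constructed connection line'

SAMPLE_OK='000 Status of IKEv1 pluto daemon (strongSwan 4.4.0):
000 loaded plugins: aes des sha1 sha2 md5 random x509 pubkey pkcs1 pem gmp hmac'

# Print each plugin name from the "loaded plugins:" line(s), one per line.
# Only that line is read, so a connection named "openssl-test" cannot
# produce a false positive.
loaded_plugins() {
    sed -n 's/^.*loaded plugins:[[:space:]]*//p' |
        tr -s '[:space:]' '\n' | sed '/^$/d' | sort -u
}

# Print the big-number plugins that are loaded; exit status 1 if none.
# -x matches whole names only, so "gmpfoo" would not count as "gmp".
bignum_plugins() {
    loaded_plugins | grep -x -e gmp -e openssl
}

# Summarise: "ok: <plugins>" (status 0) or a "missing" message (status 1).
check_statusall() {
    found=$(bignum_plugins | tr '\n' ' ')
    if [ -n "$found" ]; then
        echo "ok: ${found% }"
    else
        echo "missing: neither gmp nor openssl is loaded"
        return 1
    fi
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_MISSING" | check_statusall || true
printf '%s\n' "$SAMPLE_OK" | check_statusall
```

On a live host the same function can be fed directly with `ipsec statusall | check_statusall`.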
