Hi Bill, in that case send me your certificate and I'm going to have a look at it.
Andreas
On 05.07.2010 20:20, William Bloom wrote:
> Thanks, Stefan. I have the following in strongswan.conf in order to
> include the gmp plugin...
>
> pluto {
> load = aes des shaq sha2 md5 hmac pem x509 gmp random pubkey
> }
>
> ...and 'ipsec statusall' also reports that gmp is loaded. I actually had this
> in place before I discovered the public key parsing issue. What else might I
> have wrong?
>
>
> Bill
>
> -----Original Message-----
> From: Andreas Steffen [mailto:[email protected]]
> Sent: Fri 7/2/2010 11:52 PM
> To: William Bloom
> Cc: [email protected]
> Subject: Re: [strongSwan-dev] Pluto Fails to Parse Cert
>
> Hello Bill,
>
> pluto chokes when trying to parse the public key contained in the
> certificate. I think that no big-number library is available.
> Either the gmp or openssl plugin must be loaded. The command
>
> ipsec statusall
>
> should show one of them. By default the gmp is built which in
> turn requires the GNU Multiprecision library.
>
> Regards
>
> Andreas
>
> On 07/03/2010 04:56 AM, William Bloom wrote:
>>
>> I have a 4.4.0 installation of strongSwan on one RHEL51 box, on which I've
>> configured a CA using 'ipsec pki ...' as described on the strongswan online
>> docs, as well as on a RHEL46 box which attempts to establish a VPN to a
>> Cisco ASA. I generated RSA 2048 keys for the CA and the client, self-signed
>> a new CA cert which I then used to issue a cert for the client. All
>> straightforward. I installed the CA cert and client cert/key on the client,
>> leaving everything in DER format. Pluto opens these files and progresses
>> nominally, at first, with the parse and then appears to choke at the point
>> of 'subjectPublicKeyInfo'. With 'plutodebug=all', the following appears in
>> /var/log/secure...
>>
>> L2 - subjectPublicKeyInfo:
>> -- > --
>> -- < --
>>
>> 002 error in X.509 certificate
>>
>> Yet 'openssl x509 -in cacert.der -inform DER -text -noout' parses the cert
>> successfully and reports the subject public key properly. Might there be a
>> DER problem, should I try PEM (it seems unlikely, I know)?
>>
>>
>> Bill
>
--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
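
The check described in the thread (that the `pluto` load list names `gmp` or `openssl`) can also be run against the configuration text itself. This is an added example, not part of the original messages or of strongSwan's code; the function names and the second sample config are constructed for illustration, and the parser handles only the `name { key = value }` subset of strongswan.conf syntax seen in the thread.

```python
import re

BIGNUM_PLUGINS = {"gmp", "openssl"}  # the two plugins named in the thread

TOKEN = re.compile(
    r"(?P<open>[\w.-]+)\s*\{|(?P<close>\})|(?P<key>[\w.-]+)\s*=\s*(?P<val>[^\n}]*)"
)

def parse_conf(text):
    """Parse 'name { key = value }' sections into nested dicts."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    root = {}
    stack = [root]
    for m in TOKEN.finditer(text):
        if m.group("open"):
            stack.append(stack[-1].setdefault(m.group("open"), {}))
        elif m.group("close"):
            if len(stack) == 1:
                raise ValueError("unexpected '}'")
            stack.pop()
        else:
            stack[-1][m.group("key")] = m.group("val").strip()
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return root

def bignum_plugins(text, daemon="pluto"):
    """Big-number plugins in <daemon>'s load list; None if no load list is set."""
    load = parse_conf(text).get(daemon, {}).get("load")
    if load is None:
        return None
    return sorted(BIGNUM_PLUGINS & set(load.split()))

# Copied from the message quoted above.
BILL_CONF = """pluto {
load = aes des shaq sha2 md5 hmac pem x509 gmp random pubkey
}
"""

# Constructed sample: gmp is loaded for charon only, not for pluto.
CONSTRUCTED_CONF = """
charon { load = aes sha1 hmac gmp random }   # other daemon
pluto {
    load = aes des sha1 sha2 md5 hmac pem x509 random pubkey
}
"""

if __name__ == "__main__":
    print("thread config:", bignum_plugins(BILL_CONF))
    print("constructed config:", bignum_plugins(CONSTRUCTED_CONF))
```

An empty list means the section sets a load list without either plugin; the thread's configuration passes this check, which is consistent with Bill's report that `ipsec statusall` shows gmp loaded.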
