Great, actually I should have mentioned the pkcs1 plugin. Andreas
On 05.07.2010 20:53, William Bloom wrote: > Ah, I indeed had included gmp but I had omitted pkcs1. Adding the pkcs1 > plugin > permits public key parsing to now succeed. > > > Bill > > > -----Original Message----- > From: Andreas Steffen [mailto:[email protected]] > Sent: Fri 7/2/2010 11:52 PM > To: William Bloom > Cc: [email protected] > Subject: Re: [strongSwan-dev] Pluto Fails to Parse Cert > > Hello Bill, > > pluto chokes when trying to parse the public key contained in the > certificate. I think than no big-number library is available. > Either the gmp or openssl plugin must be loaded. The command > > ipsec statusall > > should show one of them. By default the gmp is built which in > turn requires the GNU Multiprecision library. > > Regards > > Andreas > > On 07/03/2010 04:56 AM, William Bloom wrote: >> >> I have a 4.4.0 installation of strongSwan on one RHEL51 box, on which I've >> configured a CA using 'ipsec pki ...' as described on the strongswan online >> docs, as well as on a RHEL46 box which attempts to establish a VPN to a >> Cisco ASA. I generated RSA 2048 keys for the CA and the client, self-signed >> a new CA cert which I then used to issue a cert for the client. All >> straightforward. I installed the CA cert and client cert/key on the client, >> leaving everything in DER format. Pluto opens these files and progresses >> nominally, at first, with the parse and then appears to choke at the point >> of 'subjectPublicKeyInfo'. With 'plutodebug=all', the following appears in >> /var/log/secure... >> >> L2 - subjectPublicKeyInfo: >> -- > -- >> -- < -- >> >> 002 error in X.509 certificate >> >> Yet 'openssl x509 -in cacert.der -inform DER -text -noout' parses the cert >> successfully and reports the subject public key properly. Might there be a >> DER problem, should I try PEM (it seems unlikely, I know)? >> >> >> Bill > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
