On Tue, 8 Sep 2015, Andrew Cagney wrote:
these should be fixed if you add RETRANSMIT_INTERVAL_DEFAULT=1 to
Makefile.inc.local and re-compile.
I'm puzzled.
These specific tests require their own custom build, or all our test
builds require this tweak? I prefer to test what we ship (which
Ubuntu 14.04 uses 3.19.2.
On 08/09/15 20:44, Paul Wouters wrote:
Our tests used
nss-3.18.0-1.fc21.
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
On Tue, 8 Sep 2015, Tony Whyman wrote:
That set me on the right track. I was using a simple test CA certificate
which has been around for a long time with a 1024 bit signing key. Replacing
this with a new test CA with a 4096 bit key solved the authentication
problem. Is withdrawal of support
Paul,
Thanks for getting back. If you look down my original EMail, I have
already tried:
certutil -V -d sql:/etc/ipsec.d -n "MWA Root CA" -u C
certutil: certificate is invalid: Peer's certificate issuer has been
marked as not trusted by the user.
rebecca ~ # certutil -M -d sql:/etc/ipsec.d
On Tue, Sep 08, 2015 at 02:19:47PM -0400, Andrew Cagney wrote:
> On 7 September 2015 at 12:06, Paul Wouters wrote:
> > On Sat, 5 Sep 2015, D. Hugh Redelmeier wrote:
> >
> >> I imagine that somebody changed something without updating the
> >> reference logs.
> >>
> >> Please fix
On Tue, 8 Sep 2015, Tony Whyman wrote:
Subject: Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA
common names/nicknames
Ubuntu 14.04 uses 3.19.2.
On 08/09/15 20:44, Paul Wouters wrote:
Our tests used
nss-3.18.0-1.fc21.
I just reran the test with nss-3.20 and the 1024 bit
Paul,
That set me on the right track. I was using a simple test CA certificate
which has been around for a long time with a 1024 bit signing key.
Replacing this with a new test CA with a 4096 bit key solved the
authentication problem. Is withdrawal of support for 1024 bit keys
declared
Paul,
One more point, I modified /usr/sbin/ipsec: set_db_trust to see what was
happening i.e.
set_db_trusts() {
# has to handle a NSS nick with spaces
certutil -L -d "${IPSEC_NSSDIR_SQL}" | egrep -v 'Certificate|MIME'
| awk '{$NF=""; print $0}' | grep -v "^$" | while read -r cert; do