Ubuntu 14.04 uses 3.19.2.
On 08/09/15 20:44, Paul Wouters wrote:
Our tests used
nss-3.18.0-1.fc21.
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
On Tue, 8 Sep 2015, Tony Whyman wrote:
That set me on the right track. I was using a simple test CA certificate
which has been around for a long time with a 1024 bit signing key. Replacing
this with a new test CA with a 4096 bit key solved the authentication
problem. Is withdrawal of support
Paul,
Thanks for getting back. If you look down my original EMail, I have
already tried:
certutil -V -d sql:/etc/ipsec.d -n "MWA Root CA" -u C
certutil: certificate is invalid: Peer's certificate issuer has been
marked as not trusted by the user.
rebecca ~ # certutil -M -d sql:/etc/ipsec.d
On Tue, 8 Sep 2015, Tony Whyman wrote:
Subject: Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA
common names/nicknames
Ubuntu 14.04 uses 3.19.2.
On 08/09/15 20:44, Paul Wouters wrote:
Our tests used
nss-3.18.0-1.fc21.
I just reran the test with nss-3.20 and the 1024 bit
Paul,
That set me on the right track. I was using a simple test CA certificate
which has been around for a long time with a 1024 bit signing key.
Replacing this with a new test CA with a 4096 bit key solved the
authentication problem. Is withdrawal of support for 1024 bit keys
declared
Paul,
One more point, I modified /usr/sbin/ipsec: set_db_trust to see what was
happening i.e.
set_db_trusts() {
# has to handle a NSS nick with spaces
certutil -L -d "${IPSEC_NSSDIR_SQL}" | egrep -v 'Certificate|MIME'
| awk '{$NF=""; print $0}' | grep -v "^$" | while read -r cert; do