Hi Harald,
> Even if Strongswan ignores the additional certs, is it possible that
> some crypto implementation *used* by Strongswan does not, but reads
> all certificates found in the cert files (in /etc/ipsec.d)?
Only the pem plugin reads PEM encoded files, and it only parses one
credential per
Hi Tobias,
On 02/23/18 14:25, Tobias Brunner wrote:
> Hi Harri,
>
>> I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
>> would help, but apparently it doesn't.
>
> strongSwan reads only the first certificate from PEM encoded files. So
> put them in separate files.
>
Hi Harald,
> I had hoped that putting the whole chain into
> /etc/ipsec.d/certs/mycert.pem
> would help, but apparently it doesn't.
strongSwan reads only the first certificate from PEM encoded files. So
put them in separate files.
>>>
>>> This is unusual, is it?
>
Hi Tobias,
On 02/26/18 09:28, Tobias Brunner wrote:
Hi Harri,
I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
would help, but apparently it doesn't.
strongSwan reads only the first certificate from PEM encoded files. So
put them in separate files.
This is unus
Hi Harri,
>>> I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
>>> would help, but apparently it doesn't.
>>
>> strongSwan reads only the first certificate from PEM encoded files. So
>> put them in separate files.
>>
>
> This is unusual, is it?
What is?
> If I do, wi
Hi Tobias,
On 02/23/18 14:25, Tobias Brunner wrote:
> Hi Harri,
>
>> I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
>> would help, but apparently it doesn't.
>
> strongSwan reads only the first certificate from PEM encoded files. So
> put them in separate files.
>
Hi Harri,
> I had hoped that putting the whole chain into /etc/ipsec.d/certs/mycert.pem
> would help, but apparently it doesn't.
strongSwan reads only the first certificate from PEM encoded files. So
put them in separate files.
Regards,
Tobias