On Wed, 23 Jan 2019, Kostya Vasilyev wrote:

Partial success (still a failure).

I've exported

- server's private and public keys from openssl format with plainrsa-gen

- client's public key from openssl using plainrsa-gen

I've put the server's private key into ipsec.secrets like this:

89.0.0.1 139.0.0.1 : RSA {
        # RSA 2048 bits
        # pubkey=0sAwEAAaJ..../3xyU=
        Modulus: ....
}

This has no effect in recent libreswan versions and is ignored.

pluto[28048]: "mytunnel" #2: Can't find the certificate or private key from the NSS CKA_ID
pluto[28048]: "mytunnel" #2: unable to locate my private key for RSA Signature

^^^ And this is bad, the server can't find its own private key when the client 
sends the public counterpart.

Because you must put the private key in NSS.

Any ideas on how to make LibreSwan match its own public key in leftrsasigkey to 
the RSA { ... } key in *.secrets (which does get loaded)?

Not supported.

Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
