Thanks very much, Martin. I guess I had two problems, but this did correctly address the ECP_256 issue. (the other is also resolved now too) I -thought- that I'd disabled those plugin registrations, but I had not done so as you pointed out.
Thanks again for the response. Dave ________________________________ From: Martin Willi <[email protected]> To: David Spracklen <[email protected]> Cc: [email protected] Sent: Wed, July 28, 2010 2:43:49 AM Subject: Re: [strongSwan] SQL and IKE/ESP Hi Dave, > I am trying to use SQL with ECDSA. The log showed my cert was read in > correctly, but there was a mention that ECP_256 was not supported. ECDSA is usually independent of ECDH, I don't think this is related to your certificate. > The DH implementation we're using doesn't support this The default proposals are constructed using the registered algorithms [1]. In contrast to a ipsec.conf based configuration, no additional algorithms [2] are attached. If your plugin does not support ECP_256, you should not register that algorithm. The OpenSSL plugin does plugin registration at [3]. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/config/proposal.c;h=e8639302896e1b0635014e49500b319b1fe966f4;hb=HEAD#l766 [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/confread.c;h=399e17844d60b763811e08bb783628508620cf8d;hb=HEAD#l35 [3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_plugin.c;h=31697dcb893d5e668a9b1df552cf44321edd2cd1;hb=HEAD#l290
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
