Hi,with 10.8 i have an issue, that the client says "unable to verify server certificate"
My Server certificate has X509v3 Subject Alternative Name: as DNS:fqdnofmyserver
I tried even without extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2 in the certificte.
Regarding the log and tcpdump, i don't think that the ios problem is related to the osx 10.8 problem.
-- Mit freundlichen Grüssen / Regards Christian Scheele NewMedia-NET GmbH - Devision DD-WRT Firmensitz: Berliner Ring 101, 64625 Bensheim Registergericht: Amtsgericht Darmstadt, HRB 25473 Geschäftsführer: Peter Steinhäuser, Christian Scheele http://www.dd-wrt.com email: [email protected] Tel.: +496251-582650 / Fax: +496251-5826565 On 01.12.12 20:36, Kris wrote:
This issue seems to break OSX 10.8 also, small certs not help, hope the patch can be ported to SS 5 soon. -- Kris On Tue, Nov 27, 2012 at 8:05 PM, Christian Scheele <[email protected]> wrote:Hi, Gerd v. Egidy <lists@...> writes:Hi Andreas,I did have some time to look at it. You will find a patch implementing Ciscos proprietary IKE fragmentation in the patches tarball in the chroot-ipsec source rpm. It's based on Strongswan 4.4.1. I managed to port (it did not apply cleanly) that patch to the 4.5.2 based debian backports version and it at least compiles. Tests are still pending.Would you mind to post your patch for 4.5.2?This is however a temporary workaround as this will surely not work on 5.x. and therefore most likely never get into the official srongswan repos.sure. Let's hope someone will make or sponsor a true port to 5 soon.i uploaded the patch on pastebin: http://pastebin.com/mHS68juq We are using 5.0.1 right now, small certs work, but we would like to get this implemented in 5.0.x as well. _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
