Re: [strongSwan] OCSP and libcurl

[Modster, Anthony]

Hello

Does strongswan support libcurl curl_easy_setopt() CURLOPT_INTERFACE

curl_easy_setopt - set options for a curl easy handle



Teledyne Confidential; Commercially Sensitive Business Data
From: Modster, Anthony
Sent: Thursday, April 15, 2021 10:36 AM
To: users@lists.strongswan.org
Subject: OCSP and libcurl

Hello

What path does charon libcurl use when sending OCSP protocol ?

The URL is resolved, but the network is not found.

  *   charon [info] 07[CFG]   requesting ocsp status from 
\'http://www.carillon.ca/sha2-ocsp\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 
192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] ocsp request to http://www.carillon.ca/sha2-ocsp 
failed
  *   charon [info] 07[CFG] ocsp check failed, fallback to crl
  *   charon [info] 07[CFG]   fetching crl from 
\'http://www.carillon.ca/caops/test-signca2-crl.crl\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 
192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] crl fetching failed
  *   charon [info] 07[CFG] certificate status is not available
  *   charon [info] 07[CFG] ocsp check skipped, no ocsp found
  *   charon [info] 07[CFG]   fetching crl from 
\'http://www.carillon.ca/caops/TEST-cisRCA1.crl\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 
192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] crl fetching failed
  *   charon [info] 07[CFG] certificate status is not available

The VPN tunnel does come up (so IKE and ESP packets are ok).
Below is some of the configuration information.

  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 12[CFG] vici client 6 
connected
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG] vici client 6 
requests: load-conn
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]  conn 
sgateway1-radio0:
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]   child 
sgateway1-radio0:
  *   ...
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    local_ts = 
dynamic
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    remote_ts = 
40.40.40.15/32
  *   ...
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_addrs = 
10.215.3.133
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_addrs 
= 76.232.248.220
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_port = 
500
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_port = 
500
Thanks




Teledyne Confidential; Commercially Sensitive Business Data