[Pkg-swan-devel] Bug#918668: Bug#918668: strongswan: root ca certificates not loaded since updated to 5.7.2-1

[Panagiotis Malakoudis]

I use ikev2 with certificates from let's encrypt, so they need to be
verified from a root ca. Already downgraded to 5.7.1-1 and all work
fine again. Please let me know how to increase logging level for
charon-nm , I really don't know how.

Στις Τρί, 8 Ιαν 2019 στις 12:03 μ.μ., ο/η Yves-Alexis Perez
<corsac at debian.org> έγραψε:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Tue, 2019-01-08 at 11:17 +0200, Panagiotis Malakoudis wrote:
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[CFG] loading CA certificate '/etc/ssl/certs/a2c66da8.0' failed
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[CFG] loading CA certificate '/etc/ssl/certs/Trustis_FPS_Root_CA.pem' failed
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[CFG] loading CA certificate '/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem' failed
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[CFG] loading CA certificate '/etc/ssl/certs/e60bf0c0.0' failed
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[LIB] building CRED_CERTIFICATE - X509 failed, tried 6 builders
> > Ιαν 08 10:28:32 ryzenpc charon-nm[6196]: 05[CFG] loading CA certificate '/etc/ssl/certs/COMODO_ECC_Certification_Authority.pem' failed
> >
> > All root ca certificates fail to build. All worked fine before upgrading to 5.7.2-1
>
> I don't think it's a really good idea to trust them for a VPN setup anyway,
> but could you:
>
> - - try to downgrade and see if the problem disappears
> - - raise the log level so we have an idea of what happens
>
> Regards,
> - --
> Yves-Alexis
> -----BEGIN PGP SIGNATURE-----
>
> iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlw0dYEACgkQ3rYcyPpX
> RFsaOggA4xulgHrmsY4GascqLU0VtMWjIztY56HDk7896XgKlUNFuCfuLkvZ4aZH
> z0kDNkCoBLHuKuioMeWdPTLPwWGk/qQroSZ1SRx0Tqypv6qtPtjXk4AtlHHT8fQU
> XYWrcpjQytXuEiPCgftFjwJ9niYmx8ZOaDCHuftX4ZT4DdGtX/jPZ3fTKwuLzjgV
> DpcoxmEkDpLJBY9PjdWlDc+PmfjY+UV8U7Ox6kgpY+c9S6JA1LxxAct0WcbOSghY
> 2cuHGBvauz/LA1ntKXtme1bDmlaTPxilEcdmmqHVbe76Kgok7e6r98M+UMUmwLc/
> PTnOPa2wku0NP+42mw71m71f6jAhQA==
> =pYGw
> -----END PGP SIGNATURE-----