[Pkg-swan-devel] Bug#918668: Bug#918668: strongswan: root ca certificates not loaded since updated to 5.7.2-1

Yves-Alexis Perez corsac at debian.org
Tue Jan 8 11:20:02 GMT 2019


On Tue, 2019-01-08 at 12:14 +0200, Panagiotis Malakoudis wrote:
> I use ikev2 with certificates from let's encrypt, so they need to be
> verified from a root ca.

I understand the need, but be aware that that could easily mean that every
Let's Encrypt certificate (or in your case every certificate issued by any
root CA shipped in ca-certificates) could authenticate as a client on your
gateway (or the opposite).

>  Already downgraded to 5.7.1-1 and all work
> fine again. Please let me know how to increase logging level for
> charon-nm , I really don't know how.

I don't use the network-manager plugin but I think the logging directives in
/etc/strongswan.d/charon-logging.conf should apply.

Regards,
-- 
Yves-Alexis
