[Pkg-swan-devel] Bug#918668: Bug#918668: strongswan: root ca certificates not loaded since updated to 5.7.2-1
malakudi at gmail.com
Tue Jan 8 14:04:13 GMT 2019
On Tue, 8 Jan 2019 at 1:28 PM, Yves-Alexis Perez
<corsac at debian.org> wrote:
> On Tue, 2019-01-08 at 12:14 +0200, Panagiotis Malakoudis wrote:
> > I use ikev2 with certificates from let's encrypt, so they need to be
> > verified from a root ca.
> I understand the need, but be aware that that could easily mean that every
> Let's encrypt certificate (or in your case every certificate issued by any
> root CA shipped in ca-certificates) could authenticate as a client on your
> gateway (or the opposite).
I use certificate for server host validation (with dns name), so I
don't think there is a risk in this scenario. Clients authenticate
> > Already downgraded to 5.7.1-1 and all work
> > fine again. Please let me know how to increase logging level for
> > charon-nm , I really don't know how.
> I don't use the network-manager plugin but I think the logging directives in
> /etc/strongswan.d/charon-logging.conf should apply.
Didn't find anything useful with increased logging. But after I
completely uninstalled strongswan packages and reinstalled the 5.7.2-1
packages from Debian testing, now everything works OK. I can't
reproduce the issue. Whatever it was, it is gone.