(racoon 544) Re: [Ipsec-tools-devel] Re: authentication bug in KAME's racoon (fwd)
- To: racoon@kame.net
- Subject: (racoon 544) Re: [Ipsec-tools-devel] Re: authentication bug in KAME's racoon (fwd)
- From: itojun@itojun.org (Jun-ichiro itojun Hagino)
- Date: Thu, 17 Jun 2004 12:37:09 +0900 (JST)
- Cc: bbuesker@qualcomm.com, ipsec-tools-devel@lists.sourceforge.net
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- In-reply-to: Your message of "Wed, 16 Jun 2004 21:12:17 +0900" <20040616211217B.sakane@kame.net>
- References: <20040616211217B.sakane@kame.net>
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
> I have imported the fix from ipsec-tools into the kame repository.
> Can anyone check it on *BSD if it works or not?
>
> > Anyway, IPsec-tools 0.3.3 are out with the following behaviour:
> >
> > It only allows (but still warns) that CRL for the cert is unavailable for
> > certificates obtained from the IKE payload. All other problems are treated
> > as errors and ISAKMP negotiation fails.
> >
> > For locally available certs (via peers_certfile statement) the rules are
> > more relaxed and because the certificate can be trustfully verified it is
> > allowed that it is expired, self-signed or "for other purpose". The
> > verification still succeeds but emits a warning.
compiled just fine on NetBSD-current.
itojun