[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(racoon 544) Re: [Ipsec-tools-devel] Re: authentication bug in KAME's racoon (fwd)
- To: email@example.com
- Subject: (racoon 544) Re: [Ipsec-tools-devel] Re: authentication bug in KAME's racoon (fwd)
- From: firstname.lastname@example.org (Jun-ichiro itojun Hagino)
- Date: Thu, 17 Jun 2004 12:37:09 +0900 (JST)
- Cc: email@example.com, firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- In-reply-to: Your message of "Wed, 16 Jun 2004 21:12:17 +0900" <20040616211217B.firstname.lastname@example.org>
- References: <20040616211217B.email@example.com>
- Reply-to: firstname.lastname@example.org
- Sender: email@example.com
> I have imported the fix from ipsec-tools into the kame repository.
> Can anyone check it on *BSD if it works or not ?
> > Anyway, IPsec-tools 0.3.3 are out with the following behaviour:
> > It only allows (but still warns) that CRL for the cert is unavailable for
> > certificates obtained from the IKE payload. All other problems are treated
> > as errors and ISAKMP negotiation fails.
> > For locally available certs (via peers_certfile statement) the rules are
> > more relaxed and because the certificate can be trustfully verified it is
> > allowed that it is expired, self-signed or "for other puropse". The
> > verification still succeeds but emits a warning.
compiled just fine on NetBSD-current.