From: Olaf <mai...@ba...> - 2011-11-12 18:13:56
On 2011-11-12 17:29, Michael G Beirne wrote:
> On 11/12/2011 5:17 AM, Olaf Westrik wrote:
>>
>>
>>>> Could I update to 2.6.32.48 [3], that should still have a lot of good fixes,
>>>> that's 2.6.47 [4] + 3 revert?
>>>
>>> OK. I'll need some time to add fields for "valid until" in several CGIs
>>> anyway.
>>
>> Unfortunately 'fixing' the validity is not enough.
>> More thinking and experimenting is required to get openswan to accept
>> the host certificate.
>>
>
>
> I created a certificate after the 2.0.1 update and openswan did accept
> the certificate, although with an incorrect end date.

ipsec auto listall does not complain, ipsec showhostkey --left does:

ipsec showhostkey error in PKCS#1 private key
ipsec showhostkey "/etc/ipsec.secrets" line 2: error loading RSA private key file
ipsec showhostkey: wrong kind of key PPK_XAUTH in show_confkey. Expected PPK_RSA.

The IPsec log shows (parsing PLUTO DEBUG enabled):

18:59:59 pluto[6795] loading secrets from "/etc/ipsec.secrets"
18:59:59 pluto[6795] loaded private key file '/var/ipcop/certs/hostkey.pem' (916 bytes)
18:59:59 pluto[6795] | file content is not binary ASN.1
18:59:59 pluto[6795] | -----BEGIN PRIVATE KEY-----
18:59:59 pluto[6795] | -----END PRIVATE KEY-----
18:59:59 pluto[6795] | file coded in PEM format
18:59:59 pluto[6795] | L0 - RSAPrivateKey:
18:59:59 pluto[6795] | L1 - version:
18:59:59 pluto[6795] | L1 - modulus: ASN1 tag 0x02 expected, but is 0x30
18:59:59 pluto[6795] | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00
18:59:59 pluto[6795] error in PKCS#1 private key
18:59:59 pluto[6795] "/etc/ipsec.secrets" line 2: error loading RSA private key file
18:59:59 ipsec__plutorun 003 "/etc/ipsec.secrets" line 2: error loading RSA private key file

Olaf
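Added example, not part of Olaf's message or of the IPCop/openswan code: the bytes `30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00` dumped in the log are the DER AlgorithmIdentifier for rsaEncryption, which follows the version field in a PKCS#8 `PRIVATE KEY` file, where a PKCS#1 parser expects the INTEGER modulus. The sketch below tells the two containers apart from their first two ASN.1 elements; all function names and the toy sample keys are constructed for illustration.

```python
import base64

# AlgorithmIdentifier exactly as dumped in the pluto log: SEQUENCE { OID rsaEncryption, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def classify_der(der):
    """Name the private-key container from the first two elements of the outer SEQUENCE."""
    tag, start, _ = read_tlv(der, 0)
    vtag, _, vend = read_tlv(der, start)    # both formats start with INTEGER version
    if tag != 0x30 or vtag != 0x02:
        return "unknown"
    ntag, _, nend = read_tlv(der, vend)
    if ntag == 0x02:                        # INTEGER modulus next: PKCS#1 RSAPrivateKey
        return "PKCS#1"
    if ntag == 0x30:                        # SEQUENCE AlgorithmIdentifier next: PKCS#8
        return "PKCS#8 (RSA)" if der[vend:nend] == RSA_ALG_ID else "PKCS#8 (non-RSA)"
    return "unknown"

def classify_pem(pem):
    """Strip the PEM armor, base64-decode the body and classify the DER inside."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return classify_der(base64.b64decode("".join(body)))

def tlv(tag, content):
    """Encode one DER element (short-form length only; enough for the toy samples)."""
    return bytes([tag, len(content)]) + content

def armor(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed samples: correctly structured but with toy integers, not usable keys.
TOY_PKCS1 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, b"\x00\xc1") + tlv(0x02, b"\x01\x00\x01"))
TOY_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG_ID + tlv(0x04, TOY_PKCS1))
for label, der in (("RSA PRIVATE KEY", TOY_PKCS1), ("PRIVATE KEY", TOY_PKCS8)):
    print(label, "->", classify_pem(armor(label, der)))
```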