[strongSwan] Fail on loading secrets (ECDSA)

William Greene wgreene9617 at yahoo.com
Fri Dec 3 16:29:43 CET 2010

Thanks for the reply.  That is interesting.  I'm using OpenSSL 0.9.8n that I had 
to build from source.  This gives me something to try as well.


From: Tobias Brunner <tobias at strongswan.org>
To: users at lists.strongswan.org
Sent: Fri, December 3, 2010 10:19:46 AM
Subject: Re: [strongSwan] Fail on loading secrets (ECDSA)

Hi Bill,

I just tried to recreate the crash with the certificate and key you 
provided, but I wasn't able to.  Using strongSwan 4.5.0 and OpenSSL 
0.9.8o, it worked flawlessly:

   Output of ipsec listcerts:

   subject:  "C=US, ST=NC, O=CO, CN=KAP8"
   issuer:   "C=US, ST=NC, O=CO, CN=KAP8"
   serial:    00:c8:89:b5:5e:e1:01:2e:43
   validity:  not before Nov 30 21:20:58 2010, ok
              not after  Dec 30 21:20:58 2010, ok (expires in 27 days)
   pubkey:    ECDSA 384 bits, has private key
   keyid:     85:c1:33:e6:5f:47:be:78:1a:eb:f4:37:c9:dd:92:00:22:91:a2:a9
   subjkey:   53:9e:25:03:bc:a4:fa:1b:26:f0:55:c0:dd:0b:6b:14:30:34:8f:2f
   authkey:   53:9e:25:03:bc:a4:fa:1b:26:f0:55:c0:dd:0b:6b:14:30:34:8f:2f

It might be a problem with your version of OpenSSL.

To debug charon with gdb, you can try to start it with "ipsec start 


On 12/03/2010 03:30 PM, William Greene wrote:
> I'm pretty much at a dead end on how to proceed further. Does anyone
> have ideas or suggestions to debug the charon daemon when it is in a
> restart loop when using ECDSA public and private keys?
> Thanks in advance for any help and/or suggestions to proceed,
> Bill

Users mailing list
Users at lists.strongswan.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101203/8d5f6fcc/attachment.html>

More information about the Users mailing list