[strongSwan] SQL and IKE/ESP

David Spracklen david_spracklen at yahoo.com
Fri Jul 30 17:09:22 CEST 2010


Thanks very much, Martin.  I guess I had two problems, but this did correctly 
address the ECP_256 issue. (the other is also resolved now too) I -thought- that 
I'd disabled those plugin registrations, but I had not done so as you pointed 
out.

Thanks again for the response.

Dave




________________________________
From: Martin Willi <martin at strongswan.org>
To: David Spracklen <david_spracklen at yahoo.com>
Cc: users at lists.strongswan.org
Sent: Wed, July 28, 2010 2:43:49 AM
Subject: Re: [strongSwan] SQL and IKE/ESP

Hi Dave,

> I am trying to use SQL with ECDSA. The log showed my cert was read in
> correctly, but there was a mention that ECP_256 was not supported. 

ECDSA is usually independent of ECDH, I don't think this is related to
your certificate.

> The DH implementation we're using doesn't support this

The default proposals are constructed using the registered algorithms
[1]. In contrast to a ipsec.conf based configuration, no additional
algorithms [2] are attached.

If your plugin does not support ECP_256, you should not register that
algorithm. The OpenSSL plugin does plugin registration at [3].

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/config/proposal.c;h=e8639302896e1b0635014e49500b319b1fe966f4;hb=HEAD#l766

[2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/starter/confread.c;h=399e17844d60b763811e08bb783628508620cf8d;hb=HEAD#l35

[3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/openssl/openssl_plugin.c;h=31697dcb893d5e668a9b1df552cf44321edd2cd1;hb=HEAD#l290


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100730/ec4d63e2/attachment.html>


More information about the Users mailing list