[strongSwan] Problem in stack when crl updation is done

vivek bairathi bairathi.vivek at gmail.com
Tue Mar 30 12:42:54 CEST 2010


Hi Andreas,

did you find anything?

Regards,
Vivek

On Fri, Mar 26, 2010 at 6:28 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Vivek,
>
> can you send me both the old and new CRL and the issuing CA certificate?
>
> Best regards
>
> Andreas
>
>
> On 26.03.2010 13:44, vivek bairathi wrote:
>
>> Hi All,
>> I am getting a problem with the strongswan-4.2.8, whenever I revoke a
>> peer certificate and
>> update the latest crl at my end and then try to make an SA it gets
>> created as it should not.
>> When I debug the stack I found that in credential_manager.c there is a
>> function
>> "get_better_crl", in this there are two problems that I saw:
>> 1. The crl list that is passed is having both the crls - the older one
>> and the latest one. (As I had provided only two crls, one at the
>> starting of the stack and the other after revoking the cert). But I
>> think as the new crl is added the older should deleted?
>> 2. The comparison done between the certificate serial number and the
>> serial numbers present in the crl is done with only the old crl and not
>> the new crl in which the certificate is revoked. I think there is some
>> problem in the parsing of the crl list as the crl list is not completely
>> parsed?
>> Thanks for your help in advance.
>> Regards,
>> Vivek
>>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100330/aacb0f22/attachment.html>


More information about the Users mailing list