[strongSwan] Problem in stack when crl updation is done
bairathi.vivek at gmail.com
Tue Mar 30 12:42:54 CEST 2010
did you find anything?
On Fri, Mar 26, 2010 at 6:28 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Vivek,
> can you send me both the old and new CRL and the issuing CA certificate?
> Best regards
> On 26.03.2010 13:44, vivek bairathi wrote:
>> Hi All,
>> I am getting a problem with the strongswan-4.2.8, whenever I revoke a
>> peer certificate and
>> update the latest crl at my end and then try to make an SA it gets
>> created as it should not.
>> When I debug the stack I found that in credential_manager.c there is a
>> "get_better_crl", in this there are two problems that I saw:
>> 1. The crl list that is passed is having both the crls - the older one
>> and the latest one. (As I had provided only two crls, one at the
>> starting of the stack and the other after revoking the cert). But I
>> think as the new crl is added the older should deleted?
>> 2. The comparison done between the certificate serial number and the
>> serial numbers present in the crl is done with only the old crl and not
>> the new crl in which the certificate is revoked. I think there is some
>> problem in the parsing of the crl list as the crl list is not completely
>> Thanks for your help in advance.
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users