[strongSwan] strongswan 4.6.4 and IOS6
chris at dd-wrt.com
Sun Dec 2 20:53:18 CET 2012
with 10.8 i have an issue, that the client says "unable to verify server
My Server certificate has X509v3 Subject Alternative Name: as
I tried even without extendedKeyUsage = serverAuth, 18.104.22.168.22.214.171.124.2 in
Regarding the log and tcpdump, i don't think that the ios problem is
related to the osx 10.8 problem.
Mit freundlichen Grüssen / Regards
NewMedia-NET GmbH - Devision DD-WRT
Firmensitz: Berliner Ring 101, 64625 Bensheim
Registergericht: Amtsgericht Darmstadt, HRB 25473
Geschäftsführer: Peter Steinhäuser, Christian Scheele
email: chris at dd-wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565
On 01.12.12 20:36, Kris wrote:
> This issue seems to break OSX 10.8 also, small certs not help, hope
> the patch can be ported to SS 5 soon.
> On Tue, Nov 27, 2012 at 8:05 PM, Christian Scheele <chris at dd-wrt.com> wrote:
>> Gerd v. Egidy <lists at ...> writes:
>>> Hi Andreas,
>>>> I did have some time to look at it. You will find a patch implementing
>>>> Ciscos proprietary IKE fragmentation in the patches tarball in the
>>>> chroot-ipsec source rpm. It's based on Strongswan 4.4.1. I managed
>>>> to port (it did not apply cleanly) that patch to the 4.5.2 based
>>>> debian backports version and it at least compiles. Tests are still pending.
>>> Would you mind to post your patch for 4.5.2?
>>>> This is however a temporary workaround as this will surely not
>>>> work on 5.x. and therefore most likely never get into the
>>>> official srongswan repos.
>>> sure. Let's hope someone will make or sponsor a true port to 5 soon.
>> i uploaded the patch on pastebin:
>> We are using 5.0.1 right now, small certs work, but we would like to get this
>> implemented in 5.0.x as well.
>> Users mailing list
>> Users at lists.strongswan.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4478 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users