[strongSwan] Charon reset
Martin Willi
martin at strongswan.org
Mon Mar 9 17:23:49 CET 2015
> I will try to more quickly produce the crash by setting ikelifetime.
> Is there a recommended (or minimum) value?
You may set it to 30s or so, but make sure to adjust
rekeymargin/rekeyfuzz accordingly.
> (gdb) p *cert
> $4 = {get_type = 0xd30fe0, get_subject = 0x7f5e631a9ed8 <main_arena+88>, has_subject = 0, get_issuer = 0,
> has_issuer = 0x7f5e5d7cdb00 <has_issuer>, issued_by = 0x7f5e5d7ce0a0 <issued_by>,
> get_public_key = 0x7f5e5d7cdb10 <get_public_key>, get_validity = 0x7f5e5d7ce030 <get_validity>,
> get_encoding = 0x7f5e5d7cdcb0 <get_encoding>, equals = 0x7f5e5d7d3930 <equals>, get_ref = 0x7f5e5d7cdfa0 <get_ref>,
> destroy = 0x7f5e5d7ce780 <destroy>}
That certificate instance is definitely corrupted, most likely a
reference counting issue.
> http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8ca9a67fa
You definitely should give that commit referenced by Tobias a try.
Either apply the patch manually to your build, or upgrade to at least
version 5.2.1.
Regards
Martin
More information about the Users
mailing list