[strongSwan] What the blankety-blank-blank is Win10 doing? (now Android and ECDSA certs)

Tobias Brunner tobias at strongswan.org
Mon Jul 3 16:14:57 CEST 2017


Hi Karl,

> But now, when that certificate is selected, StrongSwan doesn't seem to
> want to *find* the certificate, even though it *does* verify as ok
> against the CA that issued it, and it's in the "certs" directory.....

No need to put it there unless you actually reference it explicitly in
your config.  It seems the certificate received from the client can't be
parsed:

> Jul  1 15:19:25 NewFS charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
> Jul  1 15:19:25 NewFS charon: 16[IKE] received cert request for "C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA, E=Cuda Systems LLC CA"
> Jul  1 15:19:25 NewFS charon: 16[LIB] building CRED_CERTIFICATE - X509 failed, tried 3 builders

Do you have the openssl plugin enabled and loaded?  That's required to
use ECDSA with strongSwan.

Regards,
Tobias
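
The two checks this reply points to (the X509 build failure in the charon log and whether the openssl plugin is loaded), as an added example that is not part of the original message or of strongSwan itself. It assumes the "loaded plugins:" line printed by `ipsec statusall`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample input is constructed.

# plugin_loaded NAME: reads `ipsec statusall` output on stdin and succeeds
# if NAME is listed on its "loaded plugins:" line.
plugin_loaded() {
    awk -v want="$1" '
        /loaded plugins:/ {
            sub(/.*loaded plugins:/, "")
            for (i = 1; i <= NF; i++) if ($i == want) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# x509_build_failures: reads charon log lines on stdin and prints the thread
# number of each X509 build failure that follows an IKE_AUTH request with a
# CERT payload on the same thread (CERTREQ alone does not count).
x509_build_failures() {
    awk '
        match($0, /[0-9]+\[(ENC|LIB)\]/) {
            tid = substr($0, RSTART, RLENGTH - 5)
            if ($0 ~ /\[ENC\] parsed IKE_AUTH request/)
                has_cert[tid] = ($0 ~ / CERT /)
            else if ($0 ~ /building CRED_CERTIFICATE - X509 failed/ && has_cert[tid])
                print tid
        }'
}

# diagnose STATUS_TEXT LOG_TEXT: combine both checks into one verdict line.
diagnose() {
    n=$(printf '%s\n' "$2" | x509_build_failures | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "no peer certificate parse failures"
    elif printf '%s\n' "$1" | plugin_loaded openssl; then
        echo "$n parse failure(s) with openssl loaded: inspect the certificate"
    else
        echo "$n parse failure(s) and openssl plugin not loaded"
    fi
}

# Constructed sample input (shortened log lines, made-up plugin list).
SAMPLE_STATUS='  loaded plugins: charon aes sha2 x509 pem pkcs1 stroke'
SAMPLE_LOG='Jul  1 15:19:25 gw charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH ]
Jul  1 15:19:25 gw charon: 16[LIB] building CRED_CERTIFICATE - X509 failed, tried 3 builders
Jul  1 15:19:26 gw charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ AUTH ]'

diagnose "$SAMPLE_STATUS" "$SAMPLE_LOG"
```

On a live gateway, pass the output of `ipsec statusall` as the first argument and the charon lines from the system log as the second; where that log lives depends on the system.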

