[strongSwan] ipsec.secrets loading p12 file fail due to no CRED_CONTAINER during enumeration

Tobias Brunner tobias at strongswan.org
Wed Feb 6 14:19:37 CET 2019

Hi Peter,

> By adding the ! to force loading it, confirms failure to load this plugin.

What failure?  What's logged?  If there are missing plugin features, you
may have to load other plugins (you can increase the log level for lib
to see more messages by the plugin loader).

> 2) strongswan.conf does include strongswan.d/charon:

Which is irrelevant if you also configure charon.load:

> charon {
> load = random nonce aes md5 sha1 sha2 pem pkcs8 pkcs12 curve25519 gmp
> x509 curl revocation hmac gcm stroke kernel-netlink socket-default
> eap-tls updown

> 3) pkcs12.conf does have load=yes

Again, it's not used if there is a load statement.

> I believe pkcs12 is enabled by default.

It is.

> Perhaps it's missing other packages?

Exactly, probably the pkcs7 plugin (also enabled by default, and a
PKCS#7 parser is also provided by the openssl plugin, which, while
explicitly enabled, is not included in your load statement).


More information about the Users mailing list