[strongSwan] OCSP and libcurl

Modster, Anthony Anthony.Modster at Teledyne.com
Thu Apr 15 22:37:56 CEST 2021 

Hello

Does strongswan support libcurl curl_easy_setopt() CURLOPT_INTERFACE

curl_easy_setopt - set options for a curl easy handle



Teledyne Confidential; Commercially Sensitive Business Data
From: Modster, Anthony
Sent: Thursday, April 15, 2021 10:36 AM
To: users at lists.strongswan.org
Subject: OCSP and libcurl

Hello

What path does charon libcurl use when sending OCSP protocol ?

The URL is resolved, but the network is not found.

  *   charon [info] 07[CFG]   requesting ocsp status from \'http://www.carillon.ca/sha2-ocsp\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] ocsp request to http://www.carillon.ca/sha2-ocsp failed
  *   charon [info] 07[CFG] ocsp check failed, fallback to crl
  *   charon [info] 07[CFG]   fetching crl from \'http://www.carillon.ca/caops/test-signca2-crl.crl\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] crl fetching failed
  *   charon [info] 07[CFG] certificate status is not available
  *   charon [info] 07[CFG] ocsp check skipped, no ocsp found
  *   charon [info] 07[CFG]   fetching crl from \'http://www.carillon.ca/caops/TEST-cisRCA1.crl\' ...
  *   charon [info] 07[LIB] libcurl request failed [7]: Failed to connect to 192.64.30.9: Network is unreachable
  *   charon [info] 07[CFG] crl fetching failed
  *   charon [info] 07[CFG] certificate status is not available

The VPN tunnel does come up (so IKE and ESP packets are ok).
Below is some of the configuration information.

  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 12[CFG] vici client 6 connected
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG] vici client 6 requests: load-conn
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]  conn sgateway1-radio0:
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]   child sgateway1-radio0:
  *   ...
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    local_ts = dynamic
  *   2021 Apr 15 17:09:04+00:00 wglng-17 charon [info] 10[CFG]    remote_ts = 40.40.40.15/32
  *   ...
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_addrs = 10.215.3.133
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_addrs = 76.232.248.220
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   local_port = 500
  *   2021 Apr 15 17:09:05+00:00 wglng-17 charon [info] 10[CFG]   remote_port = 500
Thanks




Teledyne Confidential; Commercially Sensitive Business Data
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210415/cd2a1638/attachment-0001.html>

More information about the Users mailing list