General

Profile

Paul Wouters

Issues

Activity

21.04.2020

15:24 strongSwan Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
Tobias Brunner wrote:
> > This should show Key Usage and Extended Key Usage, but will not show Key Usage because the...
03:42 strongSwan Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
Same for centos7 with gcc-4.8.5 testing with 5.8.4
using both rpmbuild with rpm build macros, and by using manual ...
03:22 strongSwan Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
Note I just installed 5.8.4 and still see the same issue on fedora rawhide and fedora 32, so the fix that went into 5...

07.11.2019

18:22 strongSwan Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
This problem seems to not happen on fedora29 or ubuntu 18, but happens on fedora30. Perhaps a different openssl versi...

06.11.2019

21:45 strongSwan Bug #3249 (Closed): x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
Specifically, the NSS library using RFC 4945 IPsec profiles will reject the certificate validation because of the emp...

28.08.2018

17:51 strongSwan Issue #2731: IKEv2 rekey uses KE of wrong DH group
I heard back from the client side. This was using the strongswan SDK for Android. Apparently this was build over a ye...

27.08.2018

18:22 strongSwan Issue #2731 (Closed): IKEv2 rekey uses KE of wrong DH group

strongswan initiates to libreswan, with a KE for ECP_256.
libreswan sends INVALID_KE with MODP2048 group
strongsw...

14.09.2017

19:44 strongSwan Issue #2424: Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
Tobias Brunner wrote:
> How so? Could you point me to a specific scenario that failed that way? (By the way, the ...
18:37 strongSwan Issue #2424: Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
Tobias Brunner wrote:
> > This breaks existing configurations with no ike= line and those with an ike= line specifyi...

12.09.2017

07:26 strongSwan Bug #2425 (Closed): ./utils/utils/memory.h:99:15: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
This happens on the fedora rawhide gcc...

Also available in: Atom