Paul Wouters

Activity

07.11.2019

18:22 strongSwan Bug #3249: x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
This problem seems to not happen on fedora29 or ubuntu 18, but happens on fedora30. Perhaps a different openssl versi...

06.11.2019

21:45 strongSwan Bug #3249 (Closed): x509 plugin creates CA certificates with invalid Key Usage flags when compiling with GCC 9+ or clang 4+
Specifically, the NSS library using RFC 4945 IPsec profiles will reject the certificate validation because of the emp...

28.08.2018

17:51 strongSwan Issue #2731: IKEv2 rekey uses KE of wrong DH group
I heard back from the client side. This was using the strongswan SDK for Android. Apparently this was built over a ye...

27.08.2018

18:22 strongSwan Issue #2731 (Closed): IKEv2 rekey uses KE of wrong DH group

strongswan initiates to libreswan, with a KE for ECP_256.
libreswan sends INVALID_KE with MODP2048 group
strongsw...

14.09.2017

19:44 strongSwan Issue #2424: Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
Tobias Brunner wrote:
> How so? Could you point me to a specific scenario that failed that way? (By the way, the ...
18:37 strongSwan Issue #2424: Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
Tobias Brunner wrote:
> > This breaks existing configurations with no ike= line and those with an ike= line specifyi...

12.09.2017

07:26 strongSwan Bug #2425 (Closed): ./utils/utils/memory.h:99:15: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
This happens on the fedora rawhide gcc...

11.09.2017

06:26 strongSwan Issue #2424: Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
Actually, this is also a problem for IKEv2 (but I cannot seem to update the bug title)
Any configuration that uses...
02:55 strongSwan Issue #2424 (Closed): Default proposal no longer uses PFS, breaking anyone upgrading from 5.5.3 to 5.6.0
It seems a change in 5.6.0 was made to no longer default to PFS when using IKEv1.
This breaks existing configurati...

19.06.2017

16:16 strongSwan Bug #2364 (Closed): "CHILD_SA ... established ..." log message not seen in ipsec up or swanctl --initiate output
Our interop test cases flagged these:
http://testing.libreswan.org/results/testing/v3.20-603-gce5d67b-master/inter...
