Your message dated Sat, 27 Jul 2019 18:25:41 +0000 with message-id <[email protected]> and subject line Bug#932144: Removed package(s) from unstable has caused the Debian Bug report #656474, regarding ipsec-tools: racoon: Make verification of x509 CRLs optional to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 656474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656474 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ipsec-tools Version: 1:0.7.3-12 Severity: wishlist Tags: upstream Currently when configured to verify peer x509 certificates ("verify_cert on") this includes the verification of certificate revocation lists (CRL). Racoon sets the following OpenSSL flags: X509_V_FLAG_CRL_CHECK X509_V_FLAG_CRL_CHECK_ALL before asking OpenSSL to verify the certificate. This will produce warnings in the racoon log file, if the CRL lists are not present. This is especially annoying, if the certificates are part of a certificate chain, because for every certificate in the chain racoon will print this warning. I think it would be nice to have a configuration option like verify_crl [on|all|off] so I could let the certificates be verified, but either don't care about CRLs at all or just care about the actual peer certificate and not the intermediate CAs. If the intermediate CA certs get revoked, I would surely want to know, but do not want that our systems stop talking to each other right away. Regards, Jan -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/dash Versions of packages ipsec-tools depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-4stable1 common error description library ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8o-4squeeze5 SSL shared libraries ipsec-tools recommends no packages. ipsec-tools suggests no packages. -- Configuration Files: /etc/init.d/setkey changed [not included] /etc/ipsec-tools.conf changed [not included] -- no debconf information
--- End Message ---
--- Begin Message ---Version: 1:0.8.2+20140711-12+rm Dear submitter, as the package ipsec-tools has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/932144 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
