Package: racoon Version: 1:0.8.0-12 Severity: normal Tags: upstream Dear Maintainer,
Re racoon.conf 'peers_certfile dnssec' On looking at the code for this option, which is little used yet, the daemon does not set the RES_USE_DNSSEC or RES_USE_EDNS0 in src/racoon/dnssec.c Ssh had to be compiled with this option for DNSSEC SSHFP checking to work. See Debian bug #569592 There is the option to link racoon/ipsec-tools against lwres, and from the look of the code, it looks like NetBSD has RES_USE_DNSSEC from resolv.h turned on.. Will create patch to fix, as I am interested in using this option. This code is little used yet, as DNSSEC is only just starting to spread. From the looks of it, I believe most client DNS resolvers are buggy in this area. Thus, I have classified this with priority normal. Regards, Matthew Grant (myself) *** Please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? * What was the outcome of this action? * What outcome did you expect instead? *** End of the template - remove these lines *** -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages racoon depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.44 ii ipsec-tools 1:0.8.0-12 ii libc6 2.13-33 ii libcomerr2 1.42.4-3 ii libgssapi-krb5-2 1.10.1+dfsg-1 ii libk5crypto3 1.10.1+dfsg-1 ii libkrb5-3 1.10.1+dfsg-1 ii libldap-2.4-2 2.4.31-1 ii libpam0g 1.1.3-7.1 ii libssl1.0.0 1.0.1c-3 ii perl 5.14.2-12 racoon recommends no packages. racoon suggests no packages. -- Configuration Files: /etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt' /etc/racoon/racoon-tool.conf changed [not included] -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org