Bug#679483: racoon.conf 'peers_certfile dnssec' does not do DNSSEC validation.

Thu, 28 Jun 2012 22:06:15 -0700 

Package: racoon
Version: 1:0.8.0-12
Severity: normal
Tags: upstream

Dear Maintainer,

Re racoon.conf 'peers_certfile dnssec'

On looking at the code for this option, which is little used yet, the daemon
does not set the RES_USE_DNSSEC or RES_USE_EDNS0 in src/racoon/dnssec.c

Ssh had to be compiled with this option for DNSSEC SSHFP checking to work.
See Debian bug #569592

There is the option to link racoon/ipsec-tools against lwres, and from the look 
of the code, it looks like NetBSD has RES_USE_DNSSEC from resolv.h turned on..

Will create patch to fix, as I am interested in using this option.

This code is little used yet, as DNSSEC is only just starting to spread.  From
the looks of it, I believe most client DNS resolvers are buggy in this area.
Thus, I have classified this with priority normal.

Regards,

Matthew Grant (myself)

*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages racoon depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.44
ii  ipsec-tools            1:0.8.0-12
ii  libc6                  2.13-33
ii  libcomerr2             1.42.4-3
ii  libgssapi-krb5-2       1.10.1+dfsg-1
ii  libk5crypto3           1.10.1+dfsg-1
ii  libkrb5-3              1.10.1+dfsg-1
ii  libldap-2.4-2          2.4.31-1
ii  libpam0g               1.1.3-7.1
ii  libssl1.0.0            1.0.1c-3
ii  perl                   5.14.2-12

racoon recommends no packages.

racoon suggests no packages.

-- Configuration Files:
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'
/etc/racoon/racoon-tool.conf changed [not included]

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to