Re: [CentOS] upgrade to 5.4 openswan broke
On Fri, Oct 23, 2009 at 1:28 PM, Timothy Murphy wrote: > Ralph Angenendt wrote: > >> I just got told that you have to feed all certificates to nss storage >> instead of having them in pem files. >> >> See README.nss for more hints. > > I found these remarks, as also /usr/share/doc/openssh-4.3p2/README.nss, > more or less unintelligible. It's README.nss in the openswan documentation which comes with the openswan-doc package. > Does one really "have to" do this? Yes. Upstream seems to want to be FIPS 140-2 compliant. I wonder why there aren't *ANY* warnings in upstream's release notes regarding that. Sorry, we didn't catch that during QA as nobody doing so had openswan configured :) Regards, Ralph ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrade to 5.4 openswan broke
Ralph Angenendt wrote: > I just got told that you have to feed all certificates to nss storage > instead of having them in pem files. > > See README.nss for more hints. I found these remarks, as also /usr/share/doc/openssh-4.3p2/README.nss, more or less unintelligible. Does one really "have to" do this? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrade to 5.4 openswan broke
On Fri, Oct 23, 2009 at 5:33 AM, Myron Williams wrote: > Any help would be appreciated. I just got told that you have to feed all certificates to nss storage instead of having them in pem files. See README.nss for more hints. Regards, Ralph ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos