[strongSwan] building CRED_CERTIFICATE - X509 failed, tried 3 builders

2019-05-09 Thread Yogesh Purohit
Hi, I was using strongswan 5.5.2 version where I was using ECDSA certificates. Recently i have moved to strongswan version 5.6.3. But with this new version I am facing issue in loading my certificates and keys. Strongswan fails to load certificates. I noticed this new line in it 'building CRED_CER

Re: [strongSwan] building CRED_CERTIFICATE - X509 failed, tried 3 builders

2019-05-09 Thread Yogesh Purohit
Hi All, I tried verifying the same ecdsa certificate and ca cert on both strongswan versions: On strongswan 5.5.2 version: [root@mac-6 ~]# pki --verify --in /etc/ipsec.d/certs/certificate-1.pem --ca /etc/ipsec.d/cacerts/certificate-2.pem using certificate "C=IN, ST=M, L=M, O=Yam, OU=Ya, CN=prim

Re: [strongSwan] building CRED_CERTIFICATE - X509 failed, tried 3 builders

2019-05-10 Thread Tobias Brunner
Hi Yogesh, > Whereas when i tried verifying the same set on strongswan version 5.6.3: You need the openssl plugin to load ECDSA keys/certificates. Regards, Tobias

Re: [strongSwan] building CRED_CERTIFICATE - X509 failed, tried 3 builders

2019-05-15 Thread Yogesh Purohit
Thanks Tobias for the reply, But I visited strongswan wiki page for plugins where description for openssl plugin is - crypto backend based on openssl, provides RSA/ECDSA/DH/ECDH support. So on my setup RSA certificates are working whereas ECDSA certs are facing this issue. So how does RSA certi

Re: [strongSwan] building CRED_CERTIFICATE - X509 failed, tried 3 builders

2019-05-16 Thread Tobias Brunner
Hi Yogesh, > So how does RSA certificate work without openssl plugin? The gmp plugin (enabled by default) probably handles that. Regards, Tobias