Hi Gabriel,

have a look at the 4.3.5 ChangeLog:

- The private/public key parsing and encoding has been split up
  into separate pkcs1, pgp, pem and dnskey plugins. The public key
  implementation plugins gmp, gcrypt and openssl can all make use
  of them.

This means that if you load your plugins via an explicit load=
statement in the pluto section of strongswan.conf you must include

  pkcs1 pem

and you can omit the pubkey plugin.

Best regards

Andreas

Gabriel VLASIU wrote:
> Hi!
> 
> Nov  4 00:45:19 kali pluto[31835]: Starting IKEv1 pluto daemon (strongSwan 
> 4.3.5) THREADS VENDORID
> Nov  4 00:45:19 kali pluto[31835]: loaded plugins: aes des sha1 sha2 md5 gmp 
> random x509 pubkey hmac xcbc
> Nov  4 00:45:19 kali pluto[31835]:   including NAT-Traversal patch (Version 
> 0.6c) [disabled]
> Nov  4 00:45:19 kali pluto[31835]: Using Linux 2.6 IPsec interface code
> Nov  4 00:45:19 kali ipsec_starter[31834]: pluto (31835) started after 20 ms
> Nov  4 00:45:19 kali pluto[31835]: loading ca certificates from 
> '/etc/ipsec.d/cacerts'
> Nov  4 00:45:19 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:19 kali pluto[31835]: loading aa certificates from 
> '/etc/ipsec.d/aacerts'
> Nov  4 00:45:19 kali pluto[31835]: loading ocsp certificates from 
> '/etc/ipsec.d/ocspcerts'
> Nov  4 00:45:19 kali pluto[31835]: Changing to directory '/etc/ipsec.d/crls'
> Nov  4 00:45:19 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_AC 
> failed, tried 1 builders
> Nov  4 00:45:19 kali pluto[31835]: loading attribute certificates from 
> '/etc/ipsec.d/acerts'
> Nov  4 00:45:19 kali pluto[31835]: listening for IKE messages
> Nov  4 00:45:20 kali pluto[31835]: adding interface eth1/eth1 <deleted>
> Nov  4 00:45:20 kali pluto[31835]: adding interface eth0/eth0 <deleted>
> Nov  4 00:45:20 kali pluto[31835]: adding interface lo/lo 127.0.0.1:500
> Nov  4 00:45:20 kali pluto[31835]: loading secrets from "/etc/ipsec.secrets"
> Nov  4 00:45:20 kali pluto[31835]: loading secrets from 
> "/etc/ipsec.d/host.domain.com_cert.secrets"
> Nov  4 00:45:20 kali pluto[31835]: building CRED_PRIVATE_KEY - RSA failed, 
> tried 2 builders
> Nov  4 00:45:20 kali pluto[31835]:   syntax error in private key file
> Nov  4 00:45:20 kali pluto[31835]: 
> "/etc/ipsec.d/host.domain.com_cert.secrets" line 1: Private key file -- could 
> not be loaded
> Nov  4 00:45:20 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:20 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:20 kali pluto[31835]: added connection description 
> "host-somewhereNet"
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhereNet" #1: initiating Main 
> Mode
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhereNet" #1: ike alg: unable to 
> retrieve my private key
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhereNet" #1: empty ISAKMP SA 
> proposal to send (no algorithms for ike selection?)
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: added connection description 
> "host-somewhere"
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhere" #2: initiating Main Mode
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhere" #2: ike alg: unable to 
> retrieve my private key
> Nov  4 00:45:21 kali pluto[31835]: "host-somewhere" #2: empty ISAKMP SA 
> proposal to send (no algorithms for ike selection?)
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: added connection description 
> "myNet-schererhof"
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: added connection description 
> "host-schererhof"
> Nov  4 00:45:21 kali pluto[31835]: esp string error
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:21 kali pluto[31835]: added connection description "myNet-home"
> Nov  4 00:45:21 kali pluto[31835]: esp string error
> Nov  4 00:45:21 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:22 kali pluto[31835]: building CRED_CERTIFICATE - PLUTO_CERT 
> failed, tried 1 builders
> Nov  4 00:45:22 kali pluto[31835]: added connection description "host-home"
> 
> Everything works fine if I use strongswan 4.3.4.
> Can this be related to this:
> 
> In file included from credentials/keys/public_key.h:31,
> from crypto/hashers/hasher.h:30,
> from crypto/crypto_factory.h:29,
> from library.h:61,
> from library.c:17:
> credentials/keys/key_encoding.h:42: warning: parameter has incomplete type
> 
> ....
> 
> In file included from credentials/keys/public_key.h:31,
>                  from crypto/hashers/hasher.h:30,
>                  from crypto/crypto_factory.h:29,
>                  from library.h:61,
>                  from utils/iterator.h:25,
>                  from utils/linked_list.h:28,
>                  from attributes/attribute_manager.c:19:
> credentials/keys/key_encoding.h:42: warning: parameter has incomplete type
> In file included from credentials/keys/public_key.h:31,
>                  from crypto/hashers/hasher.h:30,
>                  from crypto/crypto_factory.h:29,
>                  from library.h:61,
>                  from crypto/crypters/crypter.h:28,
>                  from crypto/crypters/crypter.c:19:
> credentials/keys/key_encoding.h:42: warning: parameter has incomplete type
> In file included from library.h:61,
>                  from crypto/crypters/crypter.h:28,
>                  from crypto/crypters/crypter.c:19:
> crypto/crypto_factory.h:39: warning: parameter has incomplete type
> crypto/crypto_factory.h:78: warning: parameter has incomplete type
> crypto/crypto_factory.h:130: warning: parameter has incomplete type
> 
> If yes, how can I fix this?
> Thank you.
> 
> 
> Sincerely,
> Gabriel

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
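
Added example, not part of the original message and not strongSwan code: a shell check for the case described in the reply above, where an explicit load= statement in the pluto section of strongswan.conf still lists the pre-4.3.5 plugins and lacks pkcs1 and pem. The function names and the sample file are constructed for illustration, and the parser assumes one setting per line.

```shell
#!/bin/sh
# Added example (not strongSwan code): flag an explicit pluto load= list
# that lacks the key-parsing plugins split out in 4.3.5.
# Assumes one setting per line in strongswan.conf.

# Print the value of "load =" found directly inside the pluto { } section.
pluto_load_list() {
    awk '
        { sub(/#.*/, "") }                           # drop comments
        !in_pluto && /^[ \t]*pluto[ \t]*[{]/ { in_pluto = 1; depth = 1; next }
        in_pluto && depth == 1 && /^[ \t]*load[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }
        in_pluto {                                   # track nested sections
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) exit
        }
    ' "$1" | tr -s '\t' ' '
}

# Echo the plugins from "pkcs1 pem" that the list lacks; status 1 if any.
# With no explicit load= statement there is nothing to check (status 0).
missing_key_plugins() {
    list=$(pluto_load_list "$1")
    [ -n "$list" ] || return 0
    missing=""
    for want in pkcs1 pem; do
        case " $list " in
            *" $want "*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "${missing# }"
        return 1
    fi
    return 0
}

# Constructed sample: the plugin list from the 4.3.5 log in this thread.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
pluto {
  load = aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc
}
EOF
missing_key_plugins "$demo_conf" || echo "add the plugins listed above to load="
rm -f "$demo_conf"
```

Run against the real file as `missing_key_plugins /etc/strongswan.conf` (path is an assumption; use wherever your build installs strongswan.conf).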