Version 0.9.11 is now available for download from

http://www.strongsec.com/freeswan/

Only freeswan-1.97 is supported. Due to a total change in the source
code organization undertaken by the FreeS/WAN team in preparation for
freeswan-2.00pre1, there is currently no X.509 patch for the snapshot.

New features in version 0.9.11:

- When multi-tier X.509 hierarchical trust chains are used,
  Windows XP sends its certificate plus any intermediate CA
  certificates wrapped in a PKCS#7 signedData structure.
  Pluto is now able to parse received certificates of type
  CERT_PKCS7_WRAPPED_X509. In a first step all intermediate
  CA certificates are added to the chained list of cacerts
  rejecting self-signed root CA certificates. In a second
  step the host or user certificate contained in the PKCS#7
  structure is verified along the trust chain up to the
  self-signed root CA certificate which must be present
  in /etc/ipsec.d/cacerts and which is loaded statically
  when Pluto starts up.

- The monitoring functions ipsec auto --listcerts, --listcacerts
  and --listcrls now also feature a timestamp, logging
  the exact time when a certificate or CRL was last loaded.

I have tested PKCS#7 support by hacking a FreeS/WAN Linux host,
forcing it to send a PKCS#7 wrapped host certificate plus the
intermediate CA certificate. Since I currently don't have a
Windows XP installation, I'm eager to get instant feedback
from some users on whether the new patch actually works with XP.

Regards
Andreas
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
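
Added example, not part of the original post and not code from the X.509 patch: a simplified C model of the two-step handling of a PKCS#7 wrapped certificate described above. Certificates are reduced to subject/issuer name pairs (signature, validity and CRL checks are omitted), and all function names and sample certificates are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model: a certificate is only a subject/issuer name pair.
 * Signature, validity and CRL checks are deliberately left out. */
typedef struct { const char *subject, *issuer; } cert_t;
#define MAX_CA 16
typedef struct { cert_t ca[MAX_CA]; int n; } ca_list_t;

static int self_signed(const cert_t *c) { return strcmp(c->subject, c->issuer) == 0; }
static const cert_t *find_ca(const ca_list_t *l, const char *name) {
    for (int i = 0; i < l->n; i++)
        if (strcmp(l->ca[i].subject, name) == 0) return &l->ca[i];
    return NULL;
}

/* Step 1: add the peer's CA certs, never a self-signed one (no peer-supplied trust anchor). */
int add_peer_cas(ca_list_t *l, const cert_t *rx, int n) {
    int added = 0;
    for (int i = 0; i < n; i++) {
        if (self_signed(&rx[i]) || find_ca(l, rx[i].subject) || l->n == MAX_CA) continue;
        l->ca[l->n++] = rx[i];
        added++;
    }
    return added;
}

/* Step 2: follow issuer links; succeed only on reaching a self-signed root in the list. */
int verify_chain(const ca_list_t *l, const cert_t *ee) {
    const cert_t *cur = ee;
    for (int depth = 0; depth <= MAX_CA; depth++) {   /* bound stops issuer loops */
        const cert_t *issuer = find_ca(l, cur->issuer);
        if (!issuer) return 0;                        /* chain breaks: untrusted */
        if (self_signed(issuer)) return 1;            /* reached the static root */
        cur = issuer;
    }
    return 0;
}

/* Constructed sample data: CA certs as a peer might wrap them, plus two end-entity certs. */
static const cert_t bundle[] = { {"Sub CA", "Root CA"}, {"Evil Root", "Evil Root"},
                                 {"Evil Sub", "Evil Root"} };
static const cert_t good = {"xp-host", "Sub CA"}, bad = {"mallory", "Evil Sub"};
int last_added;                                       /* CA certs accepted in step 1 */
int demo(const cert_t *ee) {
    ca_list_t l = { { {"Root CA", "Root CA"} }, 1 };  /* root loaded statically at startup */
    last_added = add_peer_cas(&l, bundle, 3);
    return verify_chain(&l, ee);
}
int main(void) { printf("good=%d bad=%d\n", demo(&good), demo(&bad)); return 0; }
```

Because the self-signed "Evil Root" is dropped in step 1, the chain for "mallory" ends at an issuer that is not in the list and verification fails, while "xp-host" chains to the statically loaded root.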
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST