Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Re: X.509 patch version 0.9.11 offers PKCS#7 support

From: Markus Koellner (smshomey_at_gmx.de)
Date: Thu May 02 2002 - 17:59:35 CEST

Next message: Andreas Steffen: "RE: [Users] FreeSwan 1.97 + x.509 0.9.11 + Sentinel 1.3 Problem"
Previous message: Justin Kreger: "RE: [Users] It is not funny anymore: VIRUS / WORMS over this list"
In reply to: Andreas Steffen: "[Users] X.509 patch version 0.9.11 offers PKCS#7 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Excellent!
I've tested the new patch successfully.
PKCS7 support works!

As always, many thanks, good work!

My Testbed:
WinXP Professional + VPN Tool as Roadwarrior
Freeswan1.97 + X.509Patch 0.9.11

Bye
Markus

At 11:41 01.05.02, you wrote:
>Version 0.9.11 is now available for download from
>
> http://www.strongsec.com/freeswan/
>
>Only freeswan-1.97 is supported. Due to a total change in the source
>code organization undertaken by the FreeS/WAN team in preparation for
>freeswan-2.00pre1, there is currently no X.509 patch for the snapshot.
>
>New features in version 0.9.11:
>
>- When multi-tier X.509 hierarchical trust chains are used,
> Windows XP sends its certificate plus any intermediate CA
> certificates wrapped in a PKCS#7 signedData structure.
> Pluto is now able to parse received certificates of type
> CERT_PKCS7_WRAPPED_X509. In a first step all intermediate
> CA certificates are added to the chained list of cacerts
> rejecting self-signed root CA certificates. In a second
> step the host or user certificate contained in the PKCS#7
> structure is verified along the trust chain up to the
> self-signed root CA certificate which must be present
> in /etc/ipsec.d/cacerts and which is loaded statically
> when Pluto starts up.
>
>- The monitoring functions ipsec auto --listcerts, --listcacerts
> and --listcrls now also feature a timestamp, logging
> the exact time when a certificate or CRL was last loaded.
>
>I have tested PKCS#7 support by hacking a FreeS/WAN Linux host
>forcing it to send a PKCS#7 wrapped host certificate plus the
>intermediate CA certificate. Since I currently don't have a
>Windows XP installation I'm eager to get an instant feedback
> >from some users if the new patch actually works with XP.
>
>Regards
>
>Andreas
>
>======================================================================
>Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
>Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
>CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
>===============================================================[ZHW]==

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Andreas Steffen: "RE: [Users] FreeSwan 1.97 + x.509 0.9.11 + Sentinel 1.3 Problem"
Previous message: Justin Kreger: "RE: [Users] It is not funny anymore: VIRUS / WORMS over this list"
In reply to: Andreas Steffen: "[Users] X.509 patch version 0.9.11 offers PKCS#7 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST