Since version 0.9.6 of the X.509 patch, Pluto knows how to load and
parse peer certificates. Therefore the external fswcert script once
executed in the _confread script is not needed anymore.
Do not apply the _confread.patch to freeswan-1.97!!!
Instead just define the peer's certificate in ipsec.conf
conn peer
right=%any
rightcert=peerCert.pem
and FreeS/WAN will load it from the directory /etc/ipsec.d.
Regards
Andreas
"s.k." wrote:
>
> Hello, everybody!
>
> I try to install the fswcert extraction tool in order to use local peer
> certificates. The README says:
> - Build fswcert with `make'
> - Install fswcert with `make install'
> The above is OK, but below is unclear:
> - Patch FreeS/WAN's _confread with the patch provided
> How could I apply that patch? It is not an executable.
> /usr/local/lib/ipsec/ contains an executable already:
> # ls /usr/local/lib/ipsec/_confread -al
> -rwxr-xr-x 1 root root 11110 May 4 22:05
> /usr/local/lib/ipsec/_confread
>
> I also found in the newsgoup:
> - Next you must patch utils/auto and in case that you want to work
> with locally stored certificates also utils/_confread.
> - These two patched scripts must be copied to the directory where
> you keep the IPsec executables, usually /usr/local/lib/ipsec.
>
> But it does not give me more for understanding.
> Could somebody give me a hint?
>
> Regards
> Serge
>
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
Content Security by MailMarshal
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:04 CEST