Re: [Users] x509 problem with SSH Sentinel

From: Whit Blauvelt (whit_at_transpect.com)
Date: Fri Aug 30 2002 - 04:35:30 CEST


On Tue, Aug 27, 2002 at 09:19:40AM +1000, John Sweeney wrote:
> I think I have solved my problem. SSH Sentinel wasn't reading the
> CA certificate I had imported from the Freeswan box, nor the public
> certificate that the Freeswan box was sending during negotiation.
> The reason? Both these certificates did not have DOS carriage
> returns. Passing them through unix2dos seems to have fixed the
> problem.

Ah, that must explain why trying to follow the instructions from SSH
(http://www.ssh.com/support/sentinel/SSH-Sentinel-1.3-FreeSWAN.pdf) failed
for me. But I'm confused on where in the process you're doing the unix2dos
conversion - the public cert is easy to convert, but the SSH instructions
for using OpenSSL to do the generating have it produce a
pkcs12_envelope_for_whatever.com.p12 file that then gets imported to
Sentinel - but it's not text at that point. I should add dos cr's at an
earlier stage - or maybe this sequence just needs the public cert on the FS
box cr-lf'd? I'll test that.

Strangely, the original unix2dos program is hard to find as source, existing
mostly in rpm's (and not in debs). I did find a small perl program that does
the same thing (at http://www.cs.wright.edu/~jslater/nnfc/Readme.html):

--- cut
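#!/usr/bin/perl
# Convert LF line endings to CRLF in each file named on the command line.
# The original file is kept with ".unix" appended to its name.
use strict;
use warnings;

foreach my $inFileName (@ARGV) {
    open(my $in, '<', $inFileName)
        or die "Cannot read $inFileName: $!";
    open(my $out, '>', $inFileName . ".con")
        or die "Cannot write $inFileName.con: $!";
    binmode $out;
    binmode $in;
    while (my $textline = <$in>) {
        # The optional CR keeps lines that are already CRLF from being doubled.
        $textline =~ s/\x0d?\x0a/\x0d\x0a/g;
        print $out $textline;
    }
    close($in);
    close($out);
    rename($inFileName, $inFileName . ".unix")
        or die "Cannot rename $inFileName: $!";
    rename($inFileName . ".con", $inFileName)
        or die "Cannot rename $inFileName.con: $!";
# unlink($inFileName . ".unix");
}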
--- cut

As is, this converts the file you name and keeps the old version with .unix
appended - unless you uncomment that unlink line of course.

Whit
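
An added example, not part of the original message or of any tool it mentions: the same LF-to-CRLF conversion in Python, restricted to PEM text, with a check that the decoded payload is unchanged and a refusal to rewrite input that has no PEM armour (a binary file such as a PKCS#12 bundle, where 0x0a bytes are data). The function names and sample bytes are constructed for illustration.

```python
import base64
import re

# Matches one PEM block; the body may use LF or CRLF line endings.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample data (not a real certificate or PKCS#12 file).
SAMPLE_DER = bytes(range(256))
SAMPLE_BINARY = b"\x30\x82\x0a\x01\x02\x01\x03\x0a\x0d\x0a\x00"


def make_sample_pem(der, label=b"CERTIFICATE"):
    """Wrap bytes in PEM armour with LF endings, as a Unix tool would write it."""
    b64 = base64.b64encode(der)
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines = [b"-----BEGIN " + label + b"-----", *body,
             b"-----END " + label + b"-----"]
    return b"\n".join(lines) + b"\n"


def pem_payloads(data):
    """Return (label, decoded bytes) for every PEM block found in data."""
    return [(m.group(1).decode(), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(data)]


def to_crlf(data):
    """Return data with CRLF line endings; existing CRLFs are left alone."""
    if not PEM_BLOCK.search(data):
        # Binary input: 0x0a bytes there are data, not line ends.
        raise ValueError("no PEM block found; refusing to rewrite")
    out = re.sub(rb"\r?\n", b"\r\n", data)
    if pem_payloads(out) != pem_payloads(data):
        raise RuntimeError("decoded payload changed during conversion")
    return out


if __name__ == "__main__":
    pem = make_sample_pem(SAMPLE_DER)
    converted = to_crlf(pem)
    print(len(pem), "->", len(converted), "bytes")
    try:
        to_crlf(SAMPLE_BINARY)
    except ValueError as err:
        print("binary input rejected:", err)
```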