[CentOS] upgrade to 5.4 openswan broke
Ralph Angenendt
ralph.angenendt at gmail.com
Fri Oct 23 12:08:11 UTC 2009
On Fri, Oct 23, 2009 at 1:28 PM, Timothy Murphy <gayleard at eircom.net> wrote:
> Ralph Angenendt wrote:
>
>> I just got told that you have to feed all certificates to nss storage
>> instead of having them in pem files.
>>
>> See README.nss for more hints.
>
> I found these remarks, as also /usr/share/doc/openssh-4.3p2/README.nss,
> more or less unintelligible.
It's README.nss in the openswan documentation which comes with the
openswan-doc package.
> Does one really "have to" do this?
Yes. Upstream seems to want to be FIPS 140-2 compliant. I wonder why
there aren't *ANY* warnings in upstream's release notes regarding
that.
Sorry, we didn't catch that during QA as nobody doing so had openswan
configured :)
Regards,
Ralph
More information about the CentOS
mailing list