23 Oct
2009
23 Oct
'09
2:08 p.m.
On Fri, Oct 23, 2009 at 1:28 PM, Timothy Murphy gayleard@eircom.net wrote:
Ralph Angenendt wrote:
I just got told that you have to feed all certificates to nss storage instead of having them in pem files.
See README.nss for more hints.
I found these remarks, as also /usr/share/doc/openssh-4.3p2/README.nss, more or less unintelligible.
It's README.nss in the openswan documentation which comes with the openswan-doc package.
Does one really "have to" do this?
Yes. Upstream seems to want to be FIPS 140-2 compliant. I wonder why there aren't *ANY* warnings in upstream's release notes regarding that.
Sorry, we didn't catch that during QA as nobody doing so had openswan configured :)
Regards,
Ralph