Comments (3)
> When a certificate file is selected for the server, the nm backend loads only a single cert from that file, even if it is a PEM bundle of both CA certs.

Yeah, strongSwan does not support certificate bundles. Changing that is currently not planned.

> When no cert file is selected, the nm backend loads all certs from the system CA folder.

You can also configure your own directory (that e.g. only contains the CA certificates you need) via the charon-nm.ca_dir option.

> Putting the same CA certs bundle PEM file in that folder makes TLS-based EAP methods work again.

Not unless that bundle is processed by a tool and split up into separate files. There is no difference in how files are loaded from the configured directory vs. when configured in the GUI.
from strongswan.
https://bugs.debian.org/853266 doesn't provide sufficient details, but it might be related.
Maybe it's oversimplified, but I find it difficult to understand that a directory providing 2 certificates is supported, while a file providing the same 2 certificates is not. Just my $0.02.
from strongswan.
> https://bugs.debian.org/853266 doesn't provide sufficient details, but it might be related.

Don't think so. Not only was that created long before basic support for TLS-based EAP methods was added to charon-nm with bc3eda9 in 2020, the main issue is that libcharon-extra-plugins does not ship the eap-peap plugin (it does ship the eap-ttls plugin, though).

> Maybe it's oversimplified, but I find it difficult to understand that a directory providing 2 certificates is supported, while a file providing the same 2 certificates is not.

strongSwan's certificate parsers can only handle a single certificate per file. So loading a directory with multiple files, each containing a trusted certificate, is straight-forward, loading multiple certificates from a single file is not.
from strongswan.
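
The splitting step mentioned in the replies above (one certificate per file, placed in the directory configured via charon-nm.ca_dir), as an added example that is not part of the thread or of strongSwan's code. The function names, the `ca-NN.pem` file naming and the sample bundle are assumptions made for illustration; the sample uses placeholder base64, not real certificates.

```python
import re
from pathlib import Path

# Matches one PEM certificate block; text between blocks (comments, labels) is ignored.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n(.*?)\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_bundle(bundle_text):
    """Return each certificate in the bundle as its own normalized PEM string."""
    certs = []
    for match in CERT_RE.finditer(bundle_text):
        body = "".join(match.group(1).split())  # drop line breaks and CRs
        if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", body):
            raise ValueError("certificate block is not valid base64")
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        certs.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                     + "\n-----END CERTIFICATE-----\n")
    return certs

def write_ca_dir(bundle_text, ca_dir, prefix="ca"):
    """Write one file per certificate into ca_dir and return the paths."""
    certs = split_bundle(bundle_text)
    if not certs:
        raise ValueError("no certificates found in bundle")
    out = Path(ca_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for n, pem in enumerate(certs, 1):
        path = out / f"{prefix}-{n:02d}.pem"  # hypothetical naming scheme
        path.write_text(pem)
        paths.append(path)
    return paths

# Constructed sample: placeholder base64, not real certificates.
SAMPLE_BUNDLE = (
    "# Root CA (constructed)\n"
    "-----BEGIN CERTIFICATE-----\nQUFBQUFBQUFBQUFB\n-----END CERTIFICATE-----\n"
    "# Intermediate CA (constructed)\r\n"
    "-----BEGIN CERTIFICATE-----\r\nQkJCQkJCQkJCQkJC\r\n-----END CERTIFICATE-----\r\n"
    "-----BEGIN PRIVATE KEY-----\nQ0NDQw==\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for p in write_ca_dir(SAMPLE_BUNDLE, d):
            print(p.name)
```

Only `CERTIFICATE` blocks are written out, so a private key that happens to sit in the same bundle never lands in the CA directory, and a block with a missing `END` marker fails the base64 check instead of being written as a malformed file.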