On Thu, Aug 19, 2010 at 11:37:47AM -0400, Paul Wouters wrote:
> On Thu, 19 Aug 2010, Harald Jenny wrote:
>
> >I think I found something:
> >
> >in programs/pluto/connections.c, line 816
> >
> >    if(!valid_cert) {
> >        whack_log(RC_FATAL, "can not load certificate file %s\n"
> >                  , filename);
> >        /* clear the ID, we're expecting it via %fromcert */
> >        dst->id.kind = ID_NONE;
> >        return;
> >    }
> >
> >This is an incorrect assumption because since version 2.5.16 leftid does not
> >default anymore to %fromcert. On the other hand it seems that in 2.4.12 the
> >leftid value is kept even when no leftcert is present. What implications
> >would
> >a removal of
> >dst->id.kind = ID_NONE;
> >have?
>
> I don't think it would hurt.

Ok

> But we're still looking at why an incorrectly
> configured configuration that happened to work, "broke".

Because of the code changes - in 2.4 leftid was automatically set when a
leftcert was set, but on the other hand could be overridden by the leftid param.
Setting a custom leftid after first sourcing the leftid from leftcert was
therefore a reasonable way; on the other hand, unsetting the leftid at the point
when the attempt to source the file failed was ok too. In 2.6 the leftid gets
dropped, regardless of whether it is from the cert or not, when the file is invalid.

>
> The check could be changed to see if dst->id.kind is loaded with "%fromcert"
> before clearing it.

Sounds reasonable.

>
> Paul

Thanks for your time
Harald

> >>
> >>Paul
> >
> >Kind regards
> >Harald
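The check discussed in the thread above, as an added example that is not part of the original messages and is not Openswan's code: a simplified C model comparing the unconditional clear in the quoted `!valid_cert` branch with a clear that only applies when the ID was expected via `%fromcert`. Apart from `ID_NONE` and `%fromcert`, all type, enum and function names and the sample ID are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Openswan's real types. Only ID_NONE and "%fromcert"
 * come from the thread; every other name here is hypothetical. */
enum id_kind { ID_NONE, MODEL_ID_FROMCERT, MODEL_ID_EXPLICIT };

struct model_end {
    enum id_kind kind;  /* how the ID was configured */
    const char *id;     /* resolved ID string, or NULL */
};

/* leftid: configured value or NULL. cert_subject: subject of the loaded
 * certificate, or NULL when the file could not be loaded.
 * check_fromcert=false models the quoted code, true the proposed check. */
struct model_end load_end(const char *leftid, const char *cert_subject,
                          bool check_fromcert)
{
    struct model_end dst = { ID_NONE, NULL };

    if (leftid != NULL && strcmp(leftid, "%fromcert") == 0) {
        dst.kind = MODEL_ID_FROMCERT;
    } else if (leftid != NULL) {
        dst.kind = MODEL_ID_EXPLICIT;
        dst.id = leftid;
    }

    if (cert_subject == NULL) {  /* the !valid_cert branch */
        /* Clear only an ID that was waiting on the certificate, unless
         * modelling the unconditional clear from the quoted code. */
        if (!check_fromcert || dst.kind == MODEL_ID_FROMCERT) {
            dst.kind = ID_NONE;
            dst.id = NULL;
        }
        return dst;
    }
    if (dst.kind == MODEL_ID_FROMCERT)
        dst.id = cert_subject;  /* ID taken from the certificate */
    return dst;
}

int main(void)
{
    /* Constructed sample: explicit leftid, certificate file fails to load. */
    struct model_end a = load_end("@gw.example.org", NULL, false);
    struct model_end b = load_end("@gw.example.org", NULL, true);
    printf("unconditional clear keeps id: %d\n", a.kind != ID_NONE);
    printf("checked clear keeps id:       %d\n", b.kind != ID_NONE);
    return 0;
}
```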