Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 902601 Details for
Bug 1105179
ipsec_auto --ready doesn't work properly
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch for ipsec auto man page and usage text
openswan-6.6-1105179.patch (text/plain), 16.45 KB, created by
Paul Wouters
on 2014-06-05 16:59:40 UTC
(
hide
)
Description:
patch for ipsec auto man page and usage text
Filename:
MIME Type:
Creator:
Paul Wouters
Created:
2014-06-05 16:59:40 UTC
Size:
16.45 KB
patch
obsolete
>diff -Naur openswan-2.6.32-orig/programs/auto/auto.8 openswan-2.6.32/programs/auto/auto.8 >--- openswan-2.6.32-orig/programs/auto/auto.8 2010-12-17 20:23:54.000000000 -0500 >+++ openswan-2.6.32/programs/auto/auto.8 2014-06-05 12:51:08.374473888 -0400 >@@ -1,13 +1,22 @@ > '\" t > .\" Title: IPSEC_AUTO > .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] >-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> >-.\" Date: 10/06/2010 >+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> >+.\" Date: 06/05/2014 > .\" Manual: [FIXME: manual] > .\" Source: [FIXME: source] > .\" Language: English > .\" >-.TH "IPSEC_AUTO" "8" "10/06/2010" "[FIXME: source]" "[FIXME: manual]" >+.TH "IPSEC_AUTO" "8" "06/05/2014" "[FIXME: source]" "[FIXME: manual]" >+.\" ----------------------------------------------------------------- >+.\" * Define some portability stuff >+.\" ----------------------------------------------------------------- >+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >+.\" http://bugs.debian.org/507673 >+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html >+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >+.ie \n(.g .ds Aq \(aq >+.el .ds Aq ' > .\" ----------------------------------------------------------------- > .\" * set default formatting > .\" ----------------------------------------------------------------- >@@ -37,11 +46,11 @@ > .HP \w'\fBipsec\fR\ 'u > \fBipsec\fR \fIauto\fR {\ \-\-add\ |\ \-\-delete\ |\ \-\-replace\ |\ \-\-up\ |\ \-\-down\ } \fIconnection\fR > .HP \w'\fBipsec\fR\ 'u >-\fBipsec\fR \fIauto\fR {\ \-\-status\ |\ \-\-ready\ } \fIconnection\fR >+\fBipsec\fR \fIauto\fR {\ \-\-status\ |\ \-\-ready\ } > .HP \w'\fBipsec\fR\ 'u > \fBipsec\fR \fIauto\fR {\ \-\-route\ |\ \-\-unroute\ } \fIconnection\fR > .HP \w'\fBipsec\fR\ 'u >-\fBipsec\fR \fIauto\fR [\-\-utc] [\-\-listall\ |\ \-\-rereadall] [\-\-rereadsecrets] [\-\-listcerts] [\-\-listpubkeys] [\-\-listcacerts\ |\ \-\-rereadcacerts] [\-\-listcrls\ |\ \-\-rereadcrls] [[\-\-listocspcerts\ |\ \-\-rereadocspcerts\ ]\ [\-\-listocsp\ |\ \-\-purgeocsp\ ]] [\-\-listacerts\ |\ \-\-rereadacerts] [\-\-listaacerts\ |\ \-\-rereadaacerts] [\-\-listgroups\ |\ \-\-rereadgroups] >+\fBipsec\fR \fIauto\fR [\-\-utc] [\-\-listall\ |\ \-\-rereadall] [\-\-rereadsecrets] [\-\-listcerts] [\-\-listpubkeys] [\-\-listcacerts\ |\ \-\-rereadcacerts] [\-\-listcrls\ |\ \-\-rereadcrls] [[\-\-listocspcerts\ |\ \-\-rereadocspcerts\ ]\ [\-\-listocsp\ |\ \-\-purgeocsp\ ]] [\-\-listgroups\ |\ \-\-rereadgroups] > .SH "DESCRIPTION" > .PP > \fIAuto\fR >@@ -60,8 +69,7 @@ > \fB\-\-ready\fR, > \fB\-\-rereadsecrets\fR, > \fB\-\-rereadgroups\fR, and >-\fB\-\-status\fR >-\fIoperations\fR >+\fB\-\-status\fR\fIoperations\fR > do not take a connection name\&. > \fIAuto\fR > generates suitable commands and feeds them to a shell for execution\&. >@@ -74,13 +82,13 @@ > already has a specification by that name\&. The > \fB\-\-delete\fR > operation deletes a connection specification from >-\fIpluto\fR\'s internal database (also tearing down any connections based on it); it will fail if the specification does not exist\&. The >+\fIpluto\fR\*(Aqs internal database (also tearing down any connections based on it); it will fail if the specification does not exist\&. The > \fB\-\-replace\fR > operation is equivalent to > \fB\-\-delete\fR > (if there is already a specification by the given name) followed by > \fB\-\-add\fR, and is a convenience for updating >-\fIpluto\fR\'s internal specification to match an external one\&. (Note that a >+\fIpluto\fR\*(Aqs internal specification to match an external one\&. (Note that a > \fB\-\-rereadsecrets\fR > may also be needed\&.) The > \fB\-\-rereadgroups\fR >@@ -106,7 +114,7 @@ > operation\&. Until and unless an actual connection is established, this discards any packets sent there, which may be preferable to having them sent elsewhere based on a more general route (e\&.g\&., a default route)\&. > .PP > Normally, >-\fIpluto\fR\'s route to a destination remains in place when a >+\fIpluto\fR\*(Aqs route to a destination remains in place when a > \fB\-\-down\fR > operation is used to take the connection down (or if connection setup, or later automatic rekeying, fails)\&. This permits establishing a new connection (perhaps using a different specification; the route is altered as necessary) without having a \(lqwindow\(rq in which packets might go elsewhere based on a more general route\&. Such a route can be removed using the > \fB\-\-unroute\fR >@@ -146,29 +154,21 @@ > .PP > The > \fB\-\-rereadcacerts\fR >-operation reads all certificate files contained in the /etc/ipsec\&.d/cacerts directory and adds them to pluto\(^aÂÂs list of Certification Authority (CA) certificates\&. >-.PP >-The >-\fB\-\-rereadaacerts\fR >-operation reads all certificate files contained in the /etc/ipsec\&.d/aacerts directory and adds them to pluto\(^aÂÂs list of Authorization Authority (AA) certificates\&. >+operation reads all certificate files contained in the /etc/ipsec\&.d/cacerts directory and adds them to pluto\*(Aqs list of Certification Authority (CA) certificates\&. This does not affect CA certificates in the NSS database\&. > .PP > The > \fB\-\-rereadocspcerts\fR >-operation reads all certificate files contained in the /etc/ipsec\&.d/ocspcerts directory and adds them to pluto\(^aÂÂs list of OCSP signer certificates\&. >-.PP >-The >-\fB\-\-rereadacerts\fR >-operation reads all certificate files contained in the /etc/ipsec\&.d/acerts directory and adds them to pluto\(^aÂÂs list of attribute certificates\&. >+operation reads all certificate files contained in the /etc/ipsec\&.d/ocspcerts directory and adds them to pluto\*(Aqs list of OCSP signer certificates\&. > .PP > The > \fB\-\-rereadcrls\fR >-operation reads all certificate revocation list (CRL) files contained in the /etc/ipsec\&.d/crls directory and adds them to pluto\(^aÂÂs list of CRLs\&. >+operation reads all certificate revocation list (CRL) files contained in the /etc/ipsec\&.d/crls directory and adds them to pluto\*(Aqs list of CRLs\&. This does not affect CRLs in the NSS database\&. > .PP > The > \fB\-\-rereadall\fR > operation is equivalent to the execution of \-\-rereadse\- crets, > \fB\-\-rereadcacerts,\fR >-\-\-rereadaacerts, \-\-rereadocspcerts, \-\-rereadac\- erts, and \-\-rereadcrls\&. >+\-\-rereadocspcerts and \-\-rereadcrls\&. > .PP > The > \fB\-\-listpubkeys\fR >@@ -183,26 +183,14 @@ > operation lists all X\&.509 CA certificates either loaded locally from the /etc/ipsec\&.d/cacerts directory or received in PKCS#7\-wrapped certificate payloads via the IKE protocol\&. > .PP > The >-\fB\-\-listaacerts\fR >-operation lists all X\&.509 AA certificates loaded locally from the /etc/ipsec\&.d/aacerts directory\&. >-.PP >-The > \fB\-\-listocspcerts\fR > operation lists all OCSP signer certificates either loaded locally from the /etc/ipsec\&.d/ocspcerts directory or received via the Online Certificate Status Protocol from an OCSP server\&. > .PP > The >-\fB\-\-listacerts\fR >-operation lists all X\&.509 attribute certificates loaded locally from the /etc/ipsec\&.d/acerts directory\&. >-.PP >-The >-\fB\-\-listgropus\fR >+\fB\-\-listgroups\fR > operation lists all groups that are either used in connection definitions in ipsec\&.conf(5) or are embedded in loaded X\&.509 attributes certificates\&. > .PP > The >-\fB\-\-listcainfos\fR >-operation lists the certification authority informa\- tion specified in the ca sections of ipsec\&.conf(5)\&. >-.PP >-The > \fB\-\-listcrls\fR > operation lists all Certificate Revocation Lists (CRLs) either loaded locally from the /etc/ipsec\&.d/crls directory or fetched dynamically from an HTTP or LDAP server\&. > .PP >@@ -216,7 +204,7 @@ > .PP > The > \fB\-\-listall\fR >-operation is equivalent to the execution of \-\-listpubkeys, \-\-listcerts, \-\-listcacerts, \-\-listaacerts, \-\-listoc\- spcerts, \-\-listacerts, \-\-listgroups, \-\-listcainfos, \-\-listcrls, \-\-lis\- tocsp\&. >+operation is equivalent to the execution of \-\-listpubkeys, \-\-listcerts, \-\-listcacerts, \-\-listocspcerts, \-\-listgroups, \-\-listcrls, \-\-listocsp\&. > .PP > The > \fB\-\-showonly\fR >@@ -255,8 +243,6 @@ > for details of the configuration file\&. > .SH "FILES" > .PP >- >-.sp > .if n \{\ > .RS 4 > .\} >diff -Naur openswan-2.6.32-orig/programs/auto/auto.8.xml openswan-2.6.32/programs/auto/auto.8.xml >--- openswan-2.6.32-orig/programs/auto/auto.8.xml 2010-12-17 20:23:54.000000000 -0500 >+++ openswan-2.6.32/programs/auto/auto.8.xml 2014-06-05 12:50:56.241194469 -0400 >@@ -53,7 +53,6 @@ > <command>ipsec</command> > <arg choice='plain'><replaceable>auto</replaceable></arg> > <arg choice='plain'>{ --status | --ready }</arg> >- <arg choice='plain'><replaceable>connection</replaceable></arg> > </cmdsynopsis> > <cmdsynopsis> > <command>ipsec</command> >@@ -75,8 +74,6 @@ > <arg choice='opt'>--listocspcerts | --rereadocspcerts </arg> > <arg choice='opt'>--listocsp | --purgeocsp </arg> > </arg> >- <arg choice='opt'>--listacerts | --rereadacerts </arg> >- <arg choice='opt'>--listaacerts | --rereadaacerts </arg> > <arg choice='opt'>--listgroups | --rereadgroups </arg> > > </cmdsynopsis> >@@ -226,28 +223,19 @@ > change.) > </para> > <para> The <option>--rereadcacerts</option> operation reads all certificate files contained in >- the /etc/ipsec.d/cacerts directory and adds them to plutoâs list of >- Certification Authority (CA) certificates. >-</para> >-<para> The <option>--rereadaacerts</option> operation reads all certificate files contained in >- the /etc/ipsec.d/aacerts directory and adds them to plutoâs list of >- Authorization Authority (AA) certificates. >+ the /etc/ipsec.d/cacerts directory and adds them to pluto's list of >+ Certification Authority (CA) certificates. This does not affect CA certificates in the NSS database. > </para> > <para> The <option>--rereadocspcerts</option> operation reads all certificate files contained >- in the /etc/ipsec.d/ocspcerts directory and adds them to plutoâs list >+ in the /etc/ipsec.d/ocspcerts directory and adds them to pluto's list > of OCSP signer certificates. > </para> >-<para> The <option>--rereadacerts</option> operation reads all certificate files contained in >- the /etc/ipsec.d/acerts directory and adds them to plutoâs list of >- attribute certificates. >-</para> > <para> The <option>--rereadcrls</option> operation reads all certificate revocation list (CRL) > files contained in the /etc/ipsec.d/crls directory and adds them to >- plutoâs list of CRLs. >+ pluto's list of CRLs. This does not affect CRLs in the NSS database. > </para> > <para> The <option>--rereadall</option> operation is equivalent to the execution of --rereadse- >- crets, <option>--rereadcacerts,</option> --rereadaacerts, --rereadocspcerts, --rereadac- >- erts, and --rereadcrls. >+ crets, <option>--rereadcacerts,</option> --rereadocspcerts and --rereadcrls. > </para> > <para> The <option>--listpubkeys</option> operation lists all RSA public keys either received > from peers via the IKE protocol embedded in authenticated certificate >@@ -263,23 +251,14 @@ > loaded locally from the /etc/ipsec.d/cacerts directory or received in > PKCS#7-wrapped certificate payloads via the IKE protocol. > </para> >-<para> The <option>--listaacerts</option> operation lists all X.509 AA certificates loaded >- locally from the /etc/ipsec.d/aacerts directory. >-</para> > <para> The <option>--listocspcerts</option> operation lists all OCSP signer certificates either > loaded locally from the /etc/ipsec.d/ocspcerts directory or received > via the Online Certificate Status Protocol from an OCSP server. > </para> >-<para> The <option>--listacerts</option> operation lists all X.509 attribute certificates >- loaded locally from the /etc/ipsec.d/acerts directory. >-</para> >-<para> The <option>--listgropus</option> operation lists all groups that are either used in >+<para> The <option>--listgroups</option> operation lists all groups that are either used in > connection definitions in ipsec.conf(5) or are embedded in loaded X.509 > attributes certificates. > </para> >-<para> The <option>--listcainfos</option> operation lists the certification authority informa- >- tion specified in the ca sections of ipsec.conf(5). >-</para> > <para> The <option>--listcrls</option> operation lists all Certificate Revocation Lists (CRLs) > either loaded locally from the /etc/ipsec.d/crls directory or fetched > dynamically from an HTTP or LDAP server. >@@ -291,9 +270,7 @@ > mation and pending OCSP fetch requests. > </para> > <para> The <option>--listall</option> operation is equivalent to the execution of >- --listpubkeys, --listcerts, --listcacerts, --listaacerts, --listoc- >- spcerts, --listacerts, --listgroups, --listcainfos, --listcrls, --lis- >- tocsp. >+ --listpubkeys, --listcerts, --listcacerts, --listocspcerts, --listgroups, --listcrls, --listocsp. > </para> > > <para>The >diff -Naur openswan-2.6.32-orig/programs/auto/auto.in openswan-2.6.32/programs/auto/auto.in >--- openswan-2.6.32-orig/programs/auto/auto.in 2010-12-17 20:23:54.000000000 -0500 >+++ openswan-2.6.32/programs/auto/auto.in 2014-06-05 12:54:45.008461467 -0400 >@@ -20,11 +20,11 @@ > $me [--showonly] --{add|delete|replace|down} connectionname > $me [--showonly] --{route|unroute} connectionname > $me [--showonly] --{ready|status|rereadsecrets|rereadgroups} >- $me [--showonly] --{rereadcacerts|rereadaacerts|rereadocspcerts} >- $me [--showonly] --{rereadacerts|rereadcrls|rereadall} >+ $me [--showonly] --{rereadcacerts|rereadocspcerts} >+ $me [--showonly] --{rereadcrls|rereadall} > $me [--showonly] [--utc] --{listpubkeys|listcerts} >- $me [--showonly] [--utc] --{listcacerts|listaacerts|listocspcerts} >- $me [--showonly] [--utc] --{listacerts|listgroups} >+ $me [--showonly] [--utc] --{listcacerts|listocspcerts} >+ $me [--showonly] [--utc] --{listgroups} > $me [--showonly] [--utc] --{listcrls|listocsp|listall} > $me [--showonly] --purgeocsp > >@@ -61,11 +61,11 @@ > argc=1 > ;; > --ready|--status|--rereadsecrets|--rereadgroups|\ >- --rereadcacerts|--rereadaacerts|--rereadocspcerts|\ >- --rereadacerts|--rereadcrls|--rereadall|\ >+ --rereadcacerts|--rereadocspcerts|\ >+ --rereadcrls|--rereadall|\ > --listpubkeys|--listcerts|\ >- --listcacerts|--listaacerts|--listocspcerts|\ >- --listacerts|--listgroups|\ >+ --listcacerts|--listocspcerts|\ >+ --listgroups|\ > --listcrls|--listocsp|--listall|\ > --purgeocsp) > if test " $op" != " " >@@ -91,11 +91,11 @@ > op="--$2" > ;; > 1:ready:|1:status:|1:rereadsecrets:|\ >-1:rereadcacerts:|1:rereadaacerts:|1:rereadocspcerts:|\ >-1:rereadacerts:|1:rereadcrls:|1:rereadall:\ >+1:rereadcacerts:|1:rereadocspcerts:|\ >+1:rereadcrls:|1:rereadall:\ > 1:listpubkeys:|1:listcerts:|\ >-1:listcacerts:|1:listaacerts:|1:listocspcerts:|\ >-1:listacerts:|1:listgroups:|\ >+1:listcacerts:|1:listocspcerts:|\ >+1:listgroups:|\ > 1:listcrls:|1:listocsp:|1:listall:|1:purgeocsp:) > echo "$me: warning: obsolete command syntax used" >&2 > op="--$1" >@@ -134,17 +134,13 @@ > --rereadsecrets) echo "ipsec whack --rereadsecrets" | runit ; exit ;; > --rereadgroups) echo "ipsec whack --listen" | runit ; exit ;; > --rereadcacerts) echo "ipsec whack --rereadcacerts" | runit ; exit ;; >---rereadaacerts) echo "ipsec whack --rereadaacerts" | runit ; exit ;; > --rereadocspcerts) echo "ipsec whack --rereadocspcerts" | runit ; exit ;; >---rereadacerts) echo "ipsec whack --rereadacerts" | runit ; exit ;; > --rereadcrls) echo "ipsec whack --rereadcrls" | runit ; exit ;; > --rereadall) echo "ipsec whack --rereadall" | runit ; exit ;; > --listpubkeys) echo "ipsec whack $utc --listpubkeys" | runit ; exit ;; > --listcerts) echo "ipsec whack $utc --listcerts" | runit ; exit ;; > --listcacerts) echo "ipsec whack $utc --listcacerts" | runit ; exit ;; >---listaacerts) echo "ipsec whack $utc --listaacerts" | runit ; exit ;; > --listocspcerts) echo "ipsec whack $utc --listocspcerts" | runit ; exit ;; >---listacerts) echo "ipsec whack $utc --listacerts" | runit ; exit ;; > --listgroups) echo "ipsec whack $utc --listgroups" | runit ; exit ;; > --listcrls) echo "ipsec whack $utc --listcrls" | runit ; exit ;; > --listocsp) echo "ipsec whack $utc --listocsp" | runit ; exit ;;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=902601">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1105179
: 902601