| Summary: | ipsec newhostkey generates false configuration | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Aleš Mareček <amarecek> |
| Component: | libreswan | Assignee: | Paul Wouters <pwouters> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Aleš Mareček <amarecek> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.0 | CC: | amarecek, pkis |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 11:49:01 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Aleš Mareček
2013-12-09 17:11:41 UTC
I'm pretty sure this is what happened: 1) you installed a VM low on entropy 2) you can newhostkey 3) you waited for a while, and ctrl-c'ed it 4) you ran it again, now waiting longer 5) corrupt file Do this on a clean VM instead: ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.secrets --bits 4096 --random /dev/urandom Nope, different machine and same "hostname" string: [0 root@auto-ppcp-005 ~]# cat /etc/ipsec.secrets include /etc/ipsec.d/*.secrets : PSK "secret123" [0 root@auto-ppcp-005 ~]# ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.secrets --bits 4096 --random /dev/urandom Generated RSA key pair using the NSS database [0 root@auto-ppcp-005 ~]# ipsec showhostkey --list ipsec showhostkey "/etc/ipsec.secrets" line 2: premature end of RSA key ipsec showhostkey "/etc/ipsec.secrets" line 3: premature end of RSA key ipsec showhostkey ERROR "/etc/ipsec.secrets" line 3: index "hostname" does not look numeric and name lookup failed (no validation performed) ipsec showhostkey ERROR "/etc/ipsec.secrets" line 3: index "is" does not look numeric and name lookup failed (no validation performed) ipsec showhostkey ERROR "/etc/ipsec.secrets" line 3: index "'auto-ppcp-005.<- SNIP ->'" illegal (non-DNS-name) character in name ipsec showhostkey ERROR "/etc/ipsec.secrets" line 7: index "Modulus" does not look numeric and name lookup failed (no validation performed) ipsec showhostkey "/etc/ipsec.secrets" line 7: unrecognized key format: 0xe55e2c8d437d99a7b0b986b4e3f9f25b679caf872a9aabd63c7cf01c7bd9d626a0cac85c328d5630552a99a90e6a77be0a14845d9f9dc0be2cd6b1246ce8edb267b7279396a632294aafbe2e542ce992c9a862178a55f72d87ef0af235a1f37c3c2ac1c9e2eb495d05c07fa27e679ac01460cbd4d9aefcbcd42f59e9cebd97a0965d21be89e17b8c88af0e41c9123fde20e959584bd4d0024cb828cb25f1113d8a3c21d527bd5f1d71ff976b6662615d17644faa647383ecbc87396ca889933c7f4e794a3dbd282bf273b6061a0778f8964855b246fbd47fe1ca23bcd30fbb74b2afe9eeff35800b86c565b45845c77c80d503eb838c7295e9b94d302b4fd13fb7a64a4730c422639e054cf288f18c4caf7c28b0e0fb7e728f5ad5c3a9e9f14a6409c3096d61e7f7dc5ab1c01c65cf62872cced51e522e3b7ec42df3dd0b037f89b449d442be46315bbe77a633fd5ea39bc9899c5a6bcea4abb2c4395a0cb2f969aa0a05a Btw: my box and the ppc aren't VMs. Odd. I just reproduced this. Looking into it now...... diff --git a/programs/rsasigkey/rsasigkey.c b/programs/rsasigkey/rsasigkey.c
index 46d34bd..a1349fa 100644
--- a/programs/rsasigkey/rsasigkey.c
+++ b/programs/rsasigkey/rsasigkey.c
@@ -351,7 +351,6 @@ int main(int argc, char *argv[])
strerror(errno));
exit(1);
}
- fprintf(stdout,"hostname is '%s'\n",outputhostname);
}
if (!configdir) {
This fix will be in libreswan-3.7 that I'm releasing today - you should have a new build later today as well.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |