Bug 1265410
| Summary: | libreswan should support strictcrlpolicy alias for crl-strict= option to support openswan migration | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Paul Wouters <pwouters> | |
| Component: | libreswan | Assignee: | Paul Wouters <pwouters> | |
| Status: | CLOSED ERRATA | QA Contact: | Jaroslav Aster <jaster> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.8 | CC: | jaster, mrogers, omoris, pwouters | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1267370 (view as bug list) | Environment: | ||
| Last Closed: | 2016-05-11 00:15:57 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1267370, 1271982 | |||
Paul, I guess this is included in the released 6.7.4 version of libreswan (3.15-5.el6), is that correct? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0890.html |
[ set temporarily to openswan component, since libreswan component for rhel6 is not yet available in bugzilla ] libreswan should support strictcrlpolicy alias for crl-strict= option to support openswan migration The patch for this is trivial (upstream git commit 285f4d9110a) diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c index f514856..ce72bb1 100644 --- a/lib/libipsecconf/keywords.c +++ b/lib/libipsecconf/keywords.c @@ -383,6 +383,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = { { "ocsp-trustname", kv_config, kt_string, KSF_OCSPTRUSTNAME, NOT_ENUM }, { "crlcheckinterval", kv_config, kt_time, KBF_CRLCHECKINTERVAL, NOT_ENUM }, { "crl_strict", kv_config | kv_alias, kt_bool, KBF_STRICTCRLPOLICY, NOT_ENUM }, /* obsolete _ */ + { "strictcrlpolicy", kv_config | kv_alias, kt_bool, KBF_STRICTCRLPOLICY, NOT_ENUM }, /* obsolete used on openswan */ { "ocsp_strict", kv_config | kv_alias, kt_bool, KBF_STRICTOCSPPOLICY, NOT_ENUM }, /* obsolete _ */ { "ocsp_enable", kv_config | kv_alias, kt_bool, KBF_OCSPENABLE, NOT_ENUM }, /* obsolete _ */ { "ocsp_uri", kv_config | kv_alias, kt_string, KSF_OCSPURI, NOT_ENUM }, /* obsolete _ */