| Summary: | NSS: DH private key creation failed | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Richard Pickett <Richard.Pickett> | ||||||
| Component: | openswan | Assignee: | Avesh Agarwal <avagarwa> | ||||||
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 6.3 | CC: | giuseppe.ragusa, jrieden | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2012-01-16 18:15:33 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Attachments: |
|
||||||||
Created attachment 515126 [details]
plutodebug=all output in /var/log/secure
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative. This bug is still present in latest RHEL 6.4.
I can confirm that a rebuild of the source openswan package WITHOUT NSS DOES NOT present the aforementioned bug.
Furthermore, as Bugzilla help suggests:
NOTABUG
The problem described is not a bug. An explaination of why this resolution has been chosen should be supplied.
The "explaination" is sorely missing.
Mr Avesh Agarwal should either present the aforementioned "explaination" or reopen this bug and get it fixed for real.
|
Created attachment 515125 [details] ipsec configuration files Description of problem: When client connects to vpn handshake gets to the point of this message and pluto decides to restart itself. Version-Release number of selected component (if applicable): 2.6.21 How reproducible: every time Steps to Reproduce: 1. create ca, create and sign 1 server cert using openssl. 2. add ca and cert to nss database w/ -d of /etc/ipsec.d 3. Configure as attached 4. /etc/init.d/ipsec start 5. connect w/ shrewsoft client configured with another signed cert of the same ca