Bug 1265410 - libreswan should support strictcrlpolicy alias for crl-strict= option to support openswan migration
libreswan should support strictcrlpolicy alias for crl-strict= option to supp...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libreswan (Show other bugs)
6.8
All Linux
high Severity high
: rc
: ---
Assigned To: Paul Wouters
Jaroslav Aster
:
Depends On:
Blocks: 1271982 1267370
  Show dependency treegraph
 
Reported: 2015-09-22 16:39 EDT by Paul Wouters
Modified: 2016-05-10 20:15 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1267370 (view as bug list)
Environment:
Last Closed: 2016-05-10 20:15:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Wouters 2015-09-22 16:39:37 EDT
[ set temporarily to openswan component, since libreswan component for rhel6 is not yet available in bugzilla ]


libreswan should support strictcrlpolicy alias for crl-strict= option to support openswan migration

The patch for this is trivial (upstream git commit 285f4d9110a)

diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c
index f514856..ce72bb1 100644
--- a/lib/libipsecconf/keywords.c
+++ b/lib/libipsecconf/keywords.c
@@ -383,6 +383,7 @@ const struct keyword_def ipsec_conf_keywords_v2[] = {
        { "ocsp-trustname",     kv_config, kt_string,    KSF_OCSPTRUSTNAME, NOT_ENUM },
        { "crlcheckinterval", kv_config, kt_time,     KBF_CRLCHECKINTERVAL, NOT_ENUM },
        { "crl_strict", kv_config | kv_alias, kt_bool,      KBF_STRICTCRLPOLICY, NOT_ENUM }, /* obsolete _ */
+       { "strictcrlpolicy", kv_config | kv_alias, kt_bool,      KBF_STRICTCRLPOLICY, NOT_ENUM }, /* obsolete used on openswan */
        { "ocsp_strict", kv_config | kv_alias, kt_bool,      KBF_STRICTOCSPPOLICY, NOT_ENUM }, /* obsolete _ */
        { "ocsp_enable", kv_config | kv_alias, kt_bool,      KBF_OCSPENABLE, NOT_ENUM }, /* obsolete _ */
        { "ocsp_uri", kv_config | kv_alias, kt_string,    KSF_OCSPURI, NOT_ENUM }, /* obsolete _ */
Comment 3 Ondrej Moriš 2016-03-02 08:11:29 EST
Paul, I guess this is included in the released 6.7.4 version of libreswan (3.15-5.el6), is that correct?
Comment 6 errata-xmlrpc 2016-05-10 20:15:57 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0890.html

Note You need to log in before you can comment on or make changes to this bug.