Bug 168391 - default host key not found via "include" directive in /etc/ipsec.secrets
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openswan
Version: 4
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Steve Conklin
Reported: 2005-09-15 16:40 UTC by Chris Hapgood
Modified: 2007-11-30 22:11 UTC

Last Closed: 2007-10-19 20:25:29 UTC

Description Chris Hapgood 2005-09-15 16:40:30 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Tablet PC 1.7)

Description of problem:
After a vanilla installation of openswan and ipsec-tools on FC4, the default host key is not found.  I expected the default host key to be found in the /etc/ipsec.d/hostkey.secrets file via the "include" directive in /etc/ipsec.secrets.

This behavior can be seen when running "ipsec verify" or "ipsec showhostkey --left"

The output of the showhostkey command is as follows:

            ipsec showhostkey: no default key in "/etc/ipsec.secrets"

The /etc/ipsec.secrets file exists and contains the following single line:

            include /etc/ipsec.d/*.secrets

In the /etc/ipsec.d directory, there is a file "hostkey.secrets" that contains an RSA key that appears to have been generated when I installed openswan.

If I link this hostkey.secrets file into /etc/ipsec.secrets, the error disappears.

Version-Release number of selected component (if applicable):
openswan-2.3.1-2 & ipsec-tools-0.5-4

How reproducible:
Always

Steps to Reproduce:
1. Install openswan.
2. Run "ipsec verify"

Actual Results:  Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]


Expected Results:  Checking for RSA private key (/etc/ipsec.secrets)               [OK]


Additional info:

The same problem has appeared on two systems.

Comment 1 Harald Hoyer 2006-06-14 12:22:02 UTC
------- Additional Comments From jferraz.br  2006-06-12 21:13 EST -------
Same problem is still present in Fedora Core 5.

Comment 2 Christian Iseli 2007-01-22 10:36:30 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.

Comment 3 Paul Wouters 2007-10-19 20:25:29 UTC
From openswan 2.4.7's CHANGED file:

* Support Fedora style default RSA hostkey [paul]

This is specifically addressing the include wildcard issue and generating new
host keys on first start.
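
A diagnostic sketch for the situation in this report, added here as an example and not part of the bug thread or of openswan: it follows `include` lines (wildcards included) from a secrets file and reports whether an RSA entry sits in the top-level file or is reachable only through an include. The function names, the simplified `: RSA` line match, the handling of relative include paths, and the sample files built in a temporary directory are assumptions made for illustration.

```python
import glob
import os
import re
import tempfile

# Assumed, simplified view of the secrets syntax: "include <pattern>" lines
# and entries of the form "[ids] : RSA {". Not openswan's own parser.
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
RSA_RE = re.compile(r"^[^#]*:\s*RSA\b")

def rsa_key_files(path, seen=None):
    """Files reachable from `path` via include directives that hold an RSA entry."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return []
    seen.add(real)
    with open(real, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    found = [real] if any(RSA_RE.match(line) for line in lines) else []
    for pattern in (m.group(1) for m in map(INCLUDE_RE.match, lines) if m):
        if not os.path.isabs(pattern):  # assumed: relative to the including file
            pattern = os.path.join(os.path.dirname(real), pattern)
        for target in sorted(glob.glob(pattern)):
            found.extend(rsa_key_files(target, seen))
    return found

def classify(path):
    """'direct': key in the top-level file; 'include-only': only in an included file."""
    files = rsa_key_files(path)
    if os.path.realpath(path) in files:
        return "direct"
    return "include-only" if files else "missing"

def demo():
    """Build a constructed copy of the layout from the report and classify it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "ipsec.d"))
        secrets = os.path.join(root, "ipsec.secrets")
        with open(secrets, "w") as fh:
            fh.write("include %s/ipsec.d/*.secrets\n" % root)
        with open(os.path.join(root, "ipsec.d", "hostkey.secrets"), "w") as fh:
            fh.write(": RSA\t{\n\t# constructed placeholder, not a real key\n\t}\n")
        names = [os.path.basename(f) for f in rsa_key_files(secrets)]
        return classify(secrets), names

if __name__ == "__main__":
    print(demo())
```

A result of `include-only` matches the layout described in the report, where the key exists but a tool that reads only the top-level file would not see it.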

