Subject: Re: "racoon" installation
To: Bernd Ernesti <netbsd@arresum.inka.de>
From: None <itojun@iijlab.net>
List: tech-security
Date: 03/03/2000 18:55:15
by redmail.netbsd.org with SMTP; 3 Mar 2000 09:55:54 -0000
by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id SAA01172;
Fri, 3 Mar 2000 18:55:15 +0900 (JST)
To: Bernd Ernesti <netbsd@arresum.inka.de>
cc: tech-security@netbsd.org
In-reply-to: netbsd's message of Fri, 03 Mar 2000 09:44:28 +0100.
<200003030844.JAA03157@arresum.inka.de>
Subject: Re: "racoon" installation
From: itojun@iijlab.net
Date: Fri, 03 Mar 2000 18:55:15 +0900
Message-ID: <1170.952077315@coconut.itojun.org>
>> Hello.
>> KAME racoon (IKE daemon) is trying to improve certificate support.
>> Use of RSA is very popular for X.509 certificates. Therefore, with
>> plain installation of NetBSD-current with crypto-{us,intl}, racoon
>> cannot support certificates. It would be a bit pity situation.
>That can be fixed when you use PATENTEDOPENSSLSRC in /etc/mk.conf.
>If thats not enough, then we have to provide more support to fix the problem.
What process we would need to install files for PATENTEDOPENSSLSRC
configuration? Where can I find documentation on it? I believe
it requires non-trivial process, like swapping
crypto-{intl,us}/dist/openssl by plain openssl (correct?).
It looks to be something not everyone can do without mistake.
itojun