[Bug 1216564] New: Missing directory /usr/share/ca-certificates for charon
https://bugzilla.suse.com/show_bug.cgi?id=1216564 Bug ID: 1216564 Summary: Missing directory /usr/share/ca-certificates for charon Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: x86-64 OS: openSUSE Leap 15.5 Status: NEW Severity: Major Priority: P5 - None Component: Network Assignee: screening-team-bugs@suse.de Reporter: keitarobr@gmail.com QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- charon-nm is looking for certificates at /usr/share-ca-certificates, but this directory does not exist. Thus it can't validate a valid certificate for an IPSec/IKEv2 VPN server (does not find the GlobalSign root certificates). I solved the issue issuing the following command: sudo ln -s /var/lib/ca-certificates/pem /usr/share/ca-certificates -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216564 https://bugzilla.suse.com/show_bug.cgi?id=1216564#c2 Bjørn Lie <bjorn.lie@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bjorn.lie@gmail.com |mohd.saquib@suse.com --- Comment #2 from Bjørn Lie <bjorn.lie@gmail.com> --- (In reply to Chenzi Cao from comment #1)
Fairly sure this comes from Strongswan-nm -> moving to Strongswan bugowner -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1216564 https://bugzilla.suse.com/show_bug.cgi?id=1216564#c11 B Nikolic <bojan+suse@bnikolic.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bojan+suse@bnikolic.co.uk --- Comment #11 from B Nikolic <bojan+suse@bnikolic.co.uk> --- I came across this bug using MircoOS. The issue is that strongswan has a configure option --with-nm-ca-dir (see documentation https://docs.strongswan.org/docs/5.9/features/networkManager.html) which, if not otherwise set, defaults to /usr/share-ca-certificates which seems not to be the right place for SUSE. Should be fixable by adding --with-nm-ca-dir=/var/lib/ca-certificates/pem to the configure section of strongswan.spec , e.g. somewhere around line 306 of https://build.opensuse.org/projects/openSUSE:Leap:15.5:Update/packages/stron.... I hope that helps, I don't have a test server or anything to try this but analysis of source code suggests this is the root cause. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com