[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmpd & ca cert woes

To: tech_(_at_)_openbsd_(_dot_)_org
Subject: Re: isakmpd & ca cert woes
From: Philipp Buehler <lists_(_at_)_fips_(_dot_)_de>
Date: Thu, 12 Jul 2001 07:52:35 +0200
Cc: Damien Miller <djm_(_at_)_mindrot_(_dot_)_org>
Mail-followup-to: tech_(_at_)_openbsd_(_dot_)_org, Damien Miller <djm_(_at_)_mindrot_(_dot_)_org>
Reply-to: Philipp Buehler <lists_(_at_)_fips_(_dot_)_de>

On 11/07/2001, Damien Miller <djm_(_at_)_mindrot_(_dot_)_org> wrote To tech_(_at_)_openbsd_(_dot_)_org:
> I couldn't for the life of me figure out why authentication was failing
> (with error "rsa_sig_decode_hash: received CERT can't be validated"),
> until I synced the clocks.

error-messages :P

Wouldn't it possible to give the reason *why* the validation failed?
Or is the time already in a whole hashchunk, so it cant be determined
which part is wrong?

I had a similar problem w/ TSIG based nsupdates (yes, this is a problem
of ISC, not OpenBSD) which failed if client and server are not in sync
w/ their systemclock. And it also just said "failed"

ciao
-- 
Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH | <double-p> 

#1: Break the clue barrier!
#2: Already had buzzword confuseritis ?

Prev by Date: Watchdog timeout (one last try)
Next by Date: weird network problem between 2.9-stable machines
Previous by thread: Watchdog timeout (one last try)
Next by thread: weird network problem between 2.9-stable machines
Index(es):
- Date
- Thread

Visit your host, monkey.org