Openswan 2.6.21-4 in Fedora 11 has the NSS crypto library enabled by default. This breaks the existing certificate and key configuration after an upgrade from Fedora 10.
Does anyone know how to either disable NSS for Openswan by a configuration change, without having to recompile Openswan, or alternatively how to import existing certs and keys into NSS so that a current Openswan road warrior configuration can continue to be used?
I ask this question here rather than the Openswan Forum because Openswan's use of NSS is very sparsely documented and does not appear to be an active topic in the Openswan lists. It looks like Fedora developers have taken this decision before the Openswan team have given NSS and FIPS much consideration at all. There is no mention of the change in the Release Notes for Fedora 11. I would not have upgraded if I had known this change to Openswan in Fedora 11 had been made. But there must be many more users like me for whom Openswan is a critical app, so maybe we need to find a solution to enable Fedora 11 to remain compatible with existing networks.
Tony