On Sun, 19 Dec 2021 at 21:42, Andrew Cagney <andrew.cag...@gmail.com> wrote:
>
> > > ================
> > >
> > > if (peer_id != NULL && !same_id(peer_id, &c->spd.that.id) &&
> > > (c->spd.that.id.kind != ID_FROMCERT && !id_is_any(&c->spd.that.id))) {
> > > continue; /* incompatible ID */
> > > }
>
> More coffee. I think this and the peer_id parameter should be deleted.
> - the IKE_SA_INIT passes peer_id==NULL
> - IKE_AUTH already does too much ID magic in too many places, above is
> a distraction
> - Child SA, is same
Too much coffee (is this like too cold to go to the mall?).
I tossed a heap of the host-pair code including what was a problem
here. For instance, it turns out that IKEv2 was trying to match an ID
that wasn't there (which, fortunately, ment it was NULL). The
recursion has also gone.
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
