Package: racoon
Version: 0.6-1
Severity: normal
Tags: patch
Parser checks if multiple getcert methods are defined in the config file, but forgets PAYLOAD is the default now and an undefined method is not possible anymore. The DNSSEC parse code is fixed in the following patch.
--- orig/ipsec-tools-0.6/src/racoon/cfparse.y 2005-05-10 11:45:45.000000000 +0200
+++ ipsec-tools-0.6/src/racoon/cfparse.y 2005-07-14 19:40:09.687126776 +0200
@@ -1233,8 +1233,10 @@
EOS
| PEERS_CERTFILE DNSSEC
{
- if (cur_rmconf->getcert_method) {
- yyerror("Different peers_certfile method already defined!\n");
+ if (cur_rmconf->getcert_method != ISAKMP_GETCERT_PAYLOAD) {
+ yyerror("Different peers_certfile method "
+ "already defined: %d!\n",
+ cur_rmconf->getcert_method);
return -1;
}
cur_rmconf->getcert_method = ISAKMP_GETCERT_DNS;
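Review bot: The new test in the PEERS_CERTFILE DNSSEC action, `cur_rmconf->getcert_method != ISAKMP_GETCERT_PAYLOAD`, cannot distinguish the default from a method the administrator set explicitly. If any other peers_certfile form also stores ISAKMP_GETCERT_PAYLOAD, a config naming both that form and dnssec is accepted without an error and the later line wins, which is the conflict this check was meant to catch. A separate "method was set explicitly" flag on the remote config would keep the duplicate detection intact. Two smaller points: a repeated dnssec line now fails with "Different peers_certfile method" even though the method is the same, and the `%d` prints a raw constant that a reader of the log cannot map back to a config keyword, so printing the method name would be more useful.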
-- Marc Dequènes (Duck)

