Hi Gerd, > So I created the attached patch with a workaround for Android: > strongswan then accepts one extra null byte at the end of the secret.
Thanks for the patch. I pushed an equivalent but slightly modified fix to master (see [1]). > I don't think this weakens security as no sane configuration would allow a > nullbyte in a password. Yeah, probably not. So this could theoretically also be fixed directly when reading the XAuth password from the payload. But that would break if someone already configured secrets with null-bytes at the end. > <rant>Why in hell did stupid Google chose a buggy patched racoon over > strongswan? They could have had IKEv2, a working MOBIKE implementation, EAP- > AKA,...</rant> Could be a licensing thing (see [2]). IPsec-Tools (racoon) is licensed under a more permissive BSD license. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7d85bebc [2] http://source.android.com/source/licenses.html _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
