the bitrig pedro_iked_crash branch has been created by pedro. it is 0 commits behind master, and 1 commit ahead.
commit 4fad89614fcf56999e401565fd1135b5b04b5e16
diff: https://github.com/bitrig/bitrig/commit/4fad896
author: pedro martelletto <[email protected]>
date: Fri Dec 5 07:45:09 2014 +0100

fix intermittent iked crashes in ca_reload(), set iovcnt according to the number of iov entries filled.

there are four cases we need to be concerned with:

1. certificate revocation lists (CRLs) have been configured

in this case, we load the CRLs and issue one IMSG_CERTREQ message to the ikev2 process with the list of revoked certificates. (iovcnt = 2)

2. valid certificates have been configured

in this case, we load the certificates and issue one IMSG_CERTREQ message to the ikev2 process with the list of valid certificates. (iovcnt = 1)

3. CRLs *and* valid certificates have been configured

in this case, we load the CRLs and issue one initial IMSG_CERTREQ message to the ikev2 process with the list of revoked certificates, i.e we do step 1. however, we also do step 2, with a twist: we send a second IMSG_CERTREQ message to the ikev2 process with a list of revoked certificates *and* a list of valid certificates. ikev2 discards previously received IMSG_CERTREQ messages once it receives a new one, so this works. (iovcnt = 2 for both messages)

4. no CRLs and no valid certificates have been configured

in this case, we send an empty IMSG_CERTREQ message to the ikev2 process. (iovcnt = 1)

M sbin/iked/ca.c
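
An added illustration of the bug class the commit message describes, not code from the bitrig tree: a two-entry iovec on the stack whose count is derived from the entries actually filled, so the consumer never dereferences an unfilled entry. The function names, the entry layout (type in iov[0], optional list in iov[1]) and the sample values are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Hypothetical layout: iov[0] = request type, iov[1] = optional list.
 * Fill only what exists and return the number of entries filled. */
int certreq_fill(struct iovec *iov, uint8_t *type, void *list, size_t list_len)
{
	int iovcnt = 0;

	iov[iovcnt].iov_base = type;
	iov[iovcnt].iov_len = sizeof(*type);
	iovcnt++;
	if (list != NULL && list_len > 0) {
		iov[iovcnt].iov_base = list;
		iov[iovcnt].iov_len = list_len;
		iovcnt++;
	}
	return (iovcnt);
}

/* Stand-in for a composev-style consumer: it dereferences exactly iovcnt
 * entries. Returns the bytes copied, or -1 if they do not fit in out. */
ssize_t certreq_gather(const struct iovec *iov, int iovcnt, uint8_t *out,
    size_t outlen)
{
	size_t off = 0;

	for (int i = 0; i < iovcnt; i++) {
		if (iov[i].iov_len > outlen - off)
			return (-1);
		memcpy(out + off, iov[i].iov_base, iov[i].iov_len);
		off += iov[i].iov_len;
	}
	return ((ssize_t)off);
}

/* Constructed demo: poison the array as uninitialized stack would be, then
 * send with the count returned by the fill step. A hard-coded count of 2
 * with list_len == 0 would hand the poisoned iov[1] to the consumer. */
ssize_t demo_certreq(size_t list_len)
{
	struct iovec iov[2];
	uint8_t type = 4, list[20] = { 0 }, out[64];	/* constructed values */

	if (list_len > sizeof(list))
		return (-1);
	memset(iov, 0xA5, sizeof(iov));
	int iovcnt = certreq_fill(iov, &type, list, list_len);
	return (certreq_gather(iov, iovcnt, out, sizeof(out)));
}
```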
