New commits:
commit ca99295e0df6bd61dc7300800a3bba55374634f0
Author: Paul Wouters <[email protected]>
Date: Wed Dec 24 13:29:52 2014 -0500
IKEv2: Support for INVALID_KE DH group re-transmits
As responder, send a proper INVALID_KE with an acceptable DH group as
notify payload (instead of returning NO_PROPOSAL_CHOSEN)
As initiator, receive the DH group in the INVALID_KE, look up if the
group is acceptable, and if so, re-initiate with a new KE payload.
- expose the default_ike_groups to pick a last-effort DH group
- added the following functions:
void send_v2_notification_invalid_ke(struct state *st)
bool modp_in_propset(oakley_group_t received, struct alg_info_ike *ai_list)
oakley_group_t first_modp_from_propset(struct alg_info_ike *ai_list)
stf_status crypto_helper_build_ke(struct state *st)
clear_dh_from_state(struct state *st)
- cleanup some duplicate code
- add comment and log about excessive calling of sa_v2_convert()
- check spisize before the switch(), as it applies to all notify
payloads
- Support for in_struct() reading a notify payload [Hugh]
- Removed some dead code [Hugh]
- Notify chunk building [Hugh]
commit f422db57057d8b72afa8db30bf0b1202f6e08dc6
Author: Paul Wouters <[email protected]>
Date: Wed Dec 24 13:28:36 2014 -0500
testing: delete old interop-ikev2-strongswan-25-ke-mismatch
commit 345aa38ca04b671f704bd6d82718d9390bea7897
Author: Paul Wouters <[email protected]>
Date: Wed Dec 24 13:27:41 2014 -0500
testing: Added INVALID_KE test cases
ikev2-21-invalid-ke
interop-ikev2-strongswan-25-ke-mismatch-initiator
interop-ikev2-strongswan-26-ke-mismatch-responder
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
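The initiator-side check described in the first commit message (receive the DH group from the INVALID_KE notify, confirm it is acceptable, then re-initiate) can be sketched as below. This is an added example, not libreswan's code: the function names and the `local_groups` policy are hypothetical, and the layout assumed is the RFC 7296 Notify payload body with notify type 17 and a two-octet big-endian group number as data. Because the notify arrives unauthenticated in IKE_SA_INIT, the suggested group is only honoured when local policy already allows it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define V2N_INVALID_KE_PAYLOAD 17 /* RFC 7296 notify message type */

/* Hypothetical local policy: DH groups this initiator is configured to offer. */
static const uint16_t local_groups[] = { 14, 15, 19 };

static int group_in_policy(uint16_t g)
{
	for (size_t i = 0; i < sizeof(local_groups) / sizeof(local_groups[0]); i++)
		if (local_groups[i] == g)
			return 1;
	return 0;
}

/*
 * body: Notify payload after the 4-byte generic payload header:
 *   Protocol ID (1) | SPI Size (1) | Notify Message Type (2) | SPI | Data
 * tried: DH group sent in the KE payload that was rejected.
 * Returns the group to re-initiate with, or 0 to abandon the exchange.
 */
uint16_t invalid_ke_retry_group(const uint8_t *body, size_t len, uint16_t tried)
{
	if (len < 4)
		return 0;	/* truncated notify header */
	if (body[1] != 0)
		return 0;	/* IKE_SA_INIT notifies carry no SPI */
	if (((body[2] << 8) | body[3]) != V2N_INVALID_KE_PAYLOAD)
		return 0;	/* some other notify; not handled here */
	if (len != 4 + 2)
		return 0;	/* data must be exactly one 16-bit group */
	uint16_t g = (uint16_t)((body[4] << 8) | body[5]);
	if (g == tried)
		return 0;	/* same group suggested again: would loop */
	if (!group_in_policy(g))
		return 0;	/* unauthenticated hint must not widen policy */
	return g;
}

int main(void)
{
	/* Constructed sample: responder suggests group 14 after we tried 19. */
	const uint8_t n[] = { 0x00, 0x00, 0x00, 0x11, 0x00, 0x0e };
	printf("retry with group %u\n", (unsigned)invalid_ke_retry_group(n, sizeof(n), 19));
	return 0;
}
```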