New commits:
commit 13ea65300db065dbe59ae4de44f8e340b73e511e
Merge: 3a228bd b817638
Author: Andrew Cagney <[email protected]>
Date:   Thu Feb 8 10:02:39 2018 -0500

    ikev2: when AUTH dh/crypt fail in the responder, delete the IKE SA
    
    and send v2N_INVALID_SYNTAX as the notification error.
    
    Merge commit 'b817638ed9edecda5ebba7c786739bc7778858f5'

commit b817638ed9edecda5ebba7c786739bc7778858f5
Author: Andrew Cagney <[email protected]>
Date:   Thu Feb 8 09:38:18 2018 -0500

    testing: in ikev2-45-impair-gx-01, expect failed DH to send v2N_INVALID_SYNTAX

commit 2f5d36e06edc8d686f69db269257aa3e7c8baea7
Author: Andrew Cagney <[email protected]>
Date:   Tue Feb 6 16:08:45 2018 -0500

    ikev2: if DH or crypto fail, send back v2N_INVALID_SYNTAX and delete the IKE SA
    
    For failed DH, old code would send an empty v2N_INVALID_KE
    and then leave the SA half up.  This meant any re-transmit
    would hit an IKE SA in a bogus state.
    
    Rather than invent STF_FATAL+v2N or add some flag to STF_FAIL+v2N
    (it tried to use that but the behaviour wasn't as intended), the
    code simply sends the notify inline.

_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit