New commits:
commit 872c2905fb372e5f163ed8bae5dc2ae6c8bdec3e
Author: Andrew Cagney <[email protected]>
Date: Mon Mar 19 18:49:43 2018 -0400
ikev2: treat any error notification (including NO_PROPOSAL_CHOSEN) in AUTH
replay as fatal
RFC says log unknown status notifications while unknown error
notifications should be treated as fatal.
For NO_PROPOSAL_CHOSEN in the auth response (where auth passed but
the child sa fails), pluto should probably respond by initiating
a delete IKE SA. It didn't instead retrying the auth ...
This patch the behaviour to instead fail (like for failed auth
which isn't good, but hopefully better).
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
