New commits:
commit cd61a32dd8054710babd2f14cf2933f827c331d6
Author: Andrew Cagney <[email protected]>
Date: Wed Dec 5 11:14:45 2018 -0500
ikev2: respond to 'corrupt' KE with v2N_INVALID_SYNTAX, not INVALID_KEY_INFORMATION

Pass KE's payload_digest to accept_KE() and return bool, that way callers
can decide which notification to use. Treat a NULL KE payload_digest as
an error (for instance a CREATE_CHILD_SA exchange where PFS was negotiated).

Have IKEv2 responder explicitly send the notification (don't rely on
convoluted STF_FAIL+v2N return path). For IKEv2 initiator, still
return STF_FAIL_v2N but note that it is somewhat pointless - either
STF_FATAL or STF_IGNORE is probably better.

Merge in accept_child_sa_KE() - caller can specify where to store KE.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit