New commits:
commit 75ae4c0b82a91f7aecba95d91b481be505582b1c
Author: Andrew Cagney <[email protected]>
Date: Fri May 10 13:47:07 2019 -0400

ikev2: when PAM fails immediately delete the state using STF_FATAL

Presumably when the MITM fails to prove their credentials the first
time it's unlikely they will succeed with their second attempt. Stops
a retransmit going through the same code path triggering a PEXPECT.

Also tweak the cert code path that was triggering the PEXPECT to fail
immediately when re-called.

The code was returning STF_FAIL+v2N which does nothing to the state.
Add note suggesting code should return STF_ZOMBIFY - where
complete_v2_state_transition() sends the now recorded auth-failed
notification and transitions the state to zombie. That way it can
linger, responding to any duplicate and equally invalid auth requests.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
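
The retransmit behaviour the commit message above describes, as a simplified model added here (it is not libreswan code and not part of the commit). Only the three STF_* names come from the message; the struct, the functions and the two-packet scenario are hypothetical, and the model tracks only what the message states about each result.

```c
#include <stdio.h>
/* STF_* names are from the commit message; all else is a hypothetical model. */
enum stf { STF_FAIL, STF_FATAL, STF_ZOMBIFY };
enum st_kind { ST_LIVE, ST_GONE, ST_ZOMBIE };
struct state {
	enum st_kind kind;
	int auth_runs;       /* times the failing auth code path executed */
	int zombie_replies;  /* duplicates answered from the recorded notification */
};

/* Apply the failure result the way the commit message describes each one. */
static void complete_transition(struct state *st, enum stf result)
{
	switch (result) {
	case STF_FAIL:    break;                        /* state left untouched */
	case STF_FATAL:   st->kind = ST_GONE; break;    /* deleted immediately */
	case STF_ZOMBIFY: st->kind = ST_ZOMBIE; break;  /* lingers after failing */
	}
}

/* Deliver one auth request, or a retransmit of it, to the responder state. */
static void receive_auth(struct state *st, enum stf on_failure)
{
	if (st->kind == ST_GONE) return;  /* no state left to re-enter */
	if (st->kind == ST_ZOMBIE) {
		st->zombie_replies++;     /* replay recorded failure, skip auth */
		return;
	}
	st->auth_runs++;                  /* credentials always fail in this model */
	complete_transition(st, on_failure);
}

/* Original request followed by one retransmit (constructed scenario). */
static struct state run_with(enum stf on_failure)
{
	struct state st = { ST_LIVE, 0, 0 };
	receive_auth(&st, on_failure);
	receive_auth(&st, on_failure);
	return st;
}

int main(void)
{
	static const char *names[] = { "STF_FAIL", "STF_FATAL", "STF_ZOMBIFY" };
	for (int r = STF_FAIL; r <= STF_ZOMBIFY; r++) {
		struct state st = run_with((enum stf)r);
		printf("%-11s auth_runs=%d zombie_replies=%d\n", names[r], st.auth_runs, st.zombie_replies);
	}
}
```

In this model only STF_FAIL lets the retransmit reach the auth code path a second time, which is the re-entry the commit stops.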