New commits:
commit 816e4b8b256bc19d942369cef0ec64e691e6f0a0
Author: Paul Wouters <[email protected]>
Date: Sun Jun 23 19:23:20 2019 -0400
IKEv2: re-instate NO_PROPOSAL_CHOSEN when we do not find any connection
As per feedback from the IPSEC WG:
Tero said:
If both implementations work correctly you should NEVER send
INVALID_SYNTAX error. That always means there is programming
error in one of the implementations.
[...]
We discussed this, but decided that we want to keep error
codes limited, not to leak out information what is wrong in
the configuration. So you get same NO_PROPOSAL_CHOSEN error
notification regardless whether your algorithm list does not
match, or whether the ip is unknown, or whether the identity of
the other end is unknown.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
