New commits:
commit 226a8330f8c9a5a4b74222e9749b888475caf078
Author: Andrew Cagney <[email protected]>
Date: Tue Mar 30 16:08:38 2021 -0400
ikev1: re-tweak "starting keying attempt 2 of at most 1" tweak
It turns out that the code relies on the IKEv1 initial responder
(probably an IKEv2 term) having ry==0 to supress that end
retrying after retransmits fail. Adding 1 too early broke this.
Instead change try<=limit to try<limit.
basic-pluto-01-nokey linux-audit-02-ike-fail linux-audit-03-ipsec-fail
pass.
(Since IKEv2's responder never retransmits it doesn't suffer from
this problem).
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
