New commits:
commit 66d25f840814117657a9c61e5c350f8d5d9d2143
Author: Andrew Cagney <[email protected]>
Date:   Mon Mar 21 13:45:46 2022 -0400

    testing: in ikev2-x509-ecdsa-03-legacy, drop --impair force-v2-auth-method:legacy-ECDSA on responder
    
    code auto detects this

commit db4658e6cf49599cc637d715d95db65f9445f122
Author: Andrew Cagney <[email protected]>
Date:   Mon Mar 21 13:44:48 2022 -0400

    ikev2: in ikev2_responder_decode_initiator_id(), when legacy ECDSA, look for ecdsa connection

commit a97f20abab7c1ec2b79bb1cdca59745ee2b0b8ee
Author: Andrew Cagney <[email protected]>
Date:   Mon Mar 21 13:27:23 2022 -0400

    testing: in ikev2-digsig-04-mismatch, expect AUTHENTICATION_FAILED response

commit 6c3e2a6b37612f017c4982de406a79fa432d8a46
Author: Andrew Cagney <[email protected]>
Date:   Sun Mar 20 09:05:01 2022 -0400

    ikev2: cross-check that the auth method matches policy
    
    For instance when RSA_DIGITAL_SIGNATURE, check for SHA1+RSA_<legacy>
    
    This also fixes ikev2-digsig-04-mismatch which had:
      east:authby=rsa-sha2
      west:authby=rsa-sha1
    the old code:
      - accepted west's RSA_DIGITAL_SIGNATURE
      - only tripped up while building the AUTH response payload
        (the initiator doesn't accept DIGITAL_SIGNATURE method)

_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
