New commits:
commit b23eeaafea215bc90876d9200dbf2b1b71fe3b6d
Author: Andrew Cagney <[email protected]>
Date: Tue Oct 25 10:15:49 2022 -0400
ikev2: enforce modecfg.server requiring a CP request
When is CP allowed?
A request for such a temporary address can be included in
any request to create a Child SA (including the implicit
request in message 3) by including a CP payload.
When is CP required?
In the case where the IRAS's [IPsec Remote Access Server]
configuration requires that CP be used for a given
identity IDi, but IRAC has failed to send a
CP(CFG_REQUEST), IRAS MUST fail the request, and
terminate the Child SA creation with a FAILED_CP_REQUIRED
error.
expect OE carnage #896 #897
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
