New commits:
commit e756443630f8350619134d9d18cb63611de29e48
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 14:26:50 2024 -0500

    ikev2: when IKE_SESSION_RESUME TICKET_NACK try IKE_SA_INIT

    it can't be worse than trusting INVALID_KE
    close #1957 trust unsecured IKE_SESSION_RESUME response containing
    TICKET_NACK notification?

commit 48dab425b8b13c94585bd61ad06bef22788ec8d7
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 13:47:03 2024 -0500

    ikev2: re-work IKE_SESSION_RESUME expiration

    - take session resume key lifetime into account
    - log ticket's lifetime on responder

commit 12871d5f89238bd44c47ee50b0fafb012348c995
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 11:39:40 2024 -0500

    ikev2: roll over the IKE_SESSION_RESUME keys every hour

    use the hourly timer (easier than adding a new config param et al.)
    keep current and previous key (i.e., two hours' worth)
    close #1949 refresh the IKE_SESSION_RESUME encryption key

commit c30ed52eb357cd12600a3a88d4c6d395ada9eb99
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 13:03:28 2024 -0500

    ikev2: respond to bogus IKE_SESSION_RESUME ticket with v2N(TICKET_NACK)

commit b0958ad7fcae37642b57c570cfdd25a94c3a8551
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 12:58:34 2024 -0500

    testing: add WIP ikev2-resume-03-rollover for #1957 and #1949

commit d5d33ed62390a3b562d2d58d4884aa7bf0220aac
Author: Andrew Cagney <[email protected]>
Date: Tue Dec 3 13:45:56 2024 -0500

    time: fill in some realtime_*() functions

_______________________________________________
Swan-commit mailing list -- [email protected]