New commits:
commit d8325d2249885bc3e2d697843cf8879d63125d1d
Merge: a99a6b94cf f7d6e54417
Author: Andrew Cagney <[email protected]>
Date: Thu May 15 16:03:38 2025 -0400
Merge libipsecconf: pass keyexchange= and ikev2= to pluto as strings
close #2224 handle ikev2= and keyexchange= in pluto
note: because authby= isn't being handled by pluto, the test
addconn-22-authby-hash-algo shows differences; these should
be fixed by:
#2225 handle sighash_policy= and authby= in pluto
note: because pluto can't see that a connection picked up ikev2=
or keyexchange= from:
conn %default
keyexchange=...
never-negotiate connections now warn about inheriting
the above
commit f7d6e54417f7ff33689513804123360a25efe042
Author: Andrew Cagney <[email protected]>
Date: Thu May 15 09:40:46 2025 -0400
testing: update ikev2= vs keyexchange= vs authby= vs never-negotiate tests
Because authby= is still being parsed in addconn, some error messages
are hobbled. See:
#2225 handle sighash_policy= and authby= in pluto
Because pluto can't see keyexchange= was set using %default, it gets
a warning when combined with never-negotiate.
commit f98c6af2d9c8cc43cef7e37e8c89316d64581e59
Author: Andrew Cagney <[email protected]>
Date: Thu May 15 10:03:24 2025 -0400
libipsecconf: pass ikev2= and keyexchange= to pluto as strings
commit 82e29c32746fdc9e6de0ea0031cd79d0becdb8b4
Author: Andrew Cagney <[email protected]>
Date: Wed May 14 17:22:50 2025 -0400
connections: set config .ike_version in extract_connection()
i.e., after the connection has been created and the connection's
logger is live.
This way an invalid .ike_version can be logged against its
connection (the assumption that whack_message .ike_version is
"stuff that can't fail!" is about to be broken).
commit eec0c35c2bc2e8c365abaf006c92289484d95cda
Author: Andrew Cagney <[email protected]>
Date: Wed May 14 21:46:05 2025 -0400
connections: define separate IKEv[12] authby= defaults
IKEv1 doesn't do .ecdsa or .rsasig_v1_5 so don't set them
commit b050eb30b00bf5763d9fd9c0fabe48c003174f8e
Author: Andrew Cagney <[email protected]>
Date: Thu May 15 10:09:28 2025 -0400
libipsecconf: make {keyexchange,ikev2}_option_names public
commit badbb0b8a203532b0e8b103744ee245beb8344f8
Author: Andrew Cagney <[email protected]>
Date: Thu May 15 09:59:23 2025 -0400
testing: let xfrm-passthrough-0[0-3] default to IKEv2
Drop %default keyexchange=ikev1 which attracts a distracting
warning on never-negotiate connections.
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
