On 22 June 2017 at 19:04, Oleg Rosowiecki <[email protected]> wrote: > Speaking of the algorithm rename... Is there any reason behind accepting > only the value of "dh21" for ike= and allowing only "ecp_521" for phase2alg?
I didn't know about that quirk - the recent changes have been unifying the lookup while largely ignoring the parser. The final round will be merged post 3.21. A quick test shows the current code behaves as follows: ike: [ aes-sha1;dh21] OK: AES_CBC(7)_000-SHA1(2)-ECP_521(21) esp: [ aes-sha1;dh21] OK: AES(12)_000-SHA1(2); pfsgroup=ECP_521(21) but: ike/esp: [ aes-sha1;ecp_521] ERROR: Non alphanum char found after in modp string, just after "aes-sha1;ecp" (state=ST_AK) [ aes-sha1;ecp_521] ERROR: Non alphanum char found after in modp string, just after "aes-sha1;ecp" (state=ST_AK) so things are at least consistent (and dh21 is the preferred name). I'll tweak the parser. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
