It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
defaults, since before the start of time have been:
static struct db_prop_conj ah_props[] = {
{ AD(ah_pc) },
#ifdef SUPPORT_ESP_NULL
{ AD(espnull_pc) }
#endif
};
I.e., in addition to AH, emit an ESP proposal with no encryption.
It's just that it never worked.
Should the second line be dropped?
Andrew
On Thu, 4 Oct 2018 at 18:02, Andrew Cagney <[email protected]> wrote:
>
> > In the current code NEXT in the first payload is patched up so the
> > second proposal is be visible. Am trying east:phase2=esp
>
> Yea, that went a little too well :-(
>
> I'm testing the attached to mitigate this new problem, hopefully it
> goes ok and can push.
> I think getting rid of the extra payload is something to sort out later.
>
> Andrew
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
