ikev2_send_auth's internal variable "authby" has a kind of obvious 
function.

It starts out as the value from c->spd.this.authby (the relevant 
asymmetric value).

If st->st_peer_wants_null, it gets over-ridden to AUTH_NULL.

Otherwise, if the asymmetric value is AUTH_UNSET, it makes up a value 
based on the POLICY bits (the symmetric authby, I guess).  Since those are 
a set, it picks the "best" one.


Q1: why does this last-described check not consider POLICY_ECDSA?
Something like
                } else if (c->policy & POLICY_ECDSA) {
                        authby = AUTH_ECDSA;
                }

Q2: since this IF cascade does not have an "} else {", could this not 
cause a bad_case in the immediately following SWITCH?
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
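
A small model of the selection described in the message above, added here as an example; it is not libreswan's code. The numeric values, the RSASIG/PSK/NULL branches and their order, and the set of cases the following switch handles are assumptions. It shows which inputs leave authby at AUTH_UNSET after the cascade (Q2) and what the extra branch from Q1 changes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins: names follow the post, values are made up. */
enum authby { AUTH_UNSET, AUTH_NULL, AUTH_PSK, AUTH_RSASIG, AUTH_ECDSA };
enum { POLICY_PSK = 1, POLICY_RSASIG = 2, POLICY_ECDSA = 4, POLICY_AUTH_NULL = 8 };

/* Model of the selection in the post; with_ecdsa adds the branch from Q1. */
static enum authby pick_authby(enum authby configured, bool peer_wants_null,
                               unsigned policy, bool with_ecdsa)
{
    enum authby authby = configured;

    if (peer_wants_null) {
        authby = AUTH_NULL;
    } else if (authby == AUTH_UNSET) {
        /* "best" first; the order and the first three branches are assumed */
        if (policy & POLICY_RSASIG) {
            authby = AUTH_RSASIG;
        } else if (policy & POLICY_PSK) {
            authby = AUTH_PSK;
        } else if (policy & POLICY_AUTH_NULL) {
            authby = AUTH_NULL;
        } else if (with_ecdsa && (policy & POLICY_ECDSA)) {
            authby = AUTH_ECDSA;
        }
        /* no final else: authby can still be AUTH_UNSET here (Q2) */
    }
    return authby;
}

/* Stand-in for the following switch: false means the default (bad_case) arm. */
static bool switch_handles(enum authby authby)
{
    switch (authby) {
    case AUTH_NULL: case AUTH_PSK: case AUTH_RSASIG: case AUTH_ECDSA:
        return true;
    default:
        return false;
    }
}

int main(void)
{
    unsigned policies[] = { POLICY_RSASIG, POLICY_ECDSA, 0 };
    for (int i = 0; i < 3; i++)
        printf("policy=%u handled: without=%d with=%d\n", policies[i],
               switch_handles(pick_authby(AUTH_UNSET, false, policies[i], false)),
               switch_handles(pick_authby(AUTH_UNSET, false, policies[i], true)));
    return 0;
}
```

In this model an ECDSA-only policy reaches the default arm without the Q1 branch, and an empty policy set reaches it either way, so a final else is still needed.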