I don't understand null auth and try to avoid it :-) One thing however, wherever you see AUTH_ECDSA or AUTH_RSA, think instead in terms of AUTH_PKI - those two code paths really need to be merged.

On Sun, 3 Feb 2019 at 13:28, D. Hugh Redelmeier <[email protected]> wrote:
>
> ikev2_send_auth's internal variable "authby" has a kind of obvious
> function.
>
> It starts out as the value from c->spd.this.authby (the relevant
> asymmetric value).
>
> If st->st_peer_wants_null, it gets over-ridden to AUTH_NULL.
>
> Otherwise, if the asymmetric value is AUTH_UNSET, it makes up a value
> based on the POLICY bits (the symmetric authby, I guess). Since those are
> a set, it picks the "best" one.
>
>
> Q1: why does this last-described check not consider POLICY_ECDSA?
> Something like
>         } else if (c->policy & POLICY_ECDSA) {
>                 authby = AUTH_ECDSA;
>         }
>
> Q2: since this IF cascade does not have an "} else {", could this not
> cause a bad_case in the immediately following SWITCH?
> _______________________________________________
> Swan-dev mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan-dev
