On Sun, 3 Feb 2019, Andrew Cagney wrote:
Subject: Re: [Swan-dev] testing/pluto/ikev2-03-basic-rawrsa-ckaid
But what does this really test?
From my POV, it demonstrates how CKAIDs with raw private keys can
sometimes seem to work when really they don't.
Okay, so once we support raw RSA that does not require secrets files,
we can rewrite this test case without using includes, so that it becomes
clear.
conn westnet-eastnet-ikev2
also=east-rightckaid
also=west-leftrsasigkey
also=east-rightrsasigkey
Although, there is a weirdness of using ckaid= as the connection is no
longer symmetrical. That is left can use leftckaid=XXXX, but right
cannot use leftckaid unless it has a copy of the key in NSS.
Maybe allowing left/rightckaid= was not a good idea after all? But I
guess now we are stuck with it.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
