I'm looking at this code in connections.c
same_leftca = extract_end(&c->spd.this, &wm->left, "left");
same_rightca = extract_end(&c->spd.that, &wm->right, "right");
if (same_rightca == -1 || same_leftca == -1) {
loglog(RC_LOG_SERIOUS, "extract_end() as failed - ID or
certificate might be unset and cause failure");
}
added with:
commit becaafd3c62f4209b1d8d882ab194c9b129d49ef
pluto: extract_end() ignored failures and stumbled on. Now it
aborts properly.
While extract_end() is aborted, the connection proper still gets
added. Should the code instead reject the connection:
- when the cert is unknown
- when the cert is "invalid" (see bug 339)
?
Andrew
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
