On Tue, 14 Apr 2020 at 10:46, Paul Wouters <[email protected]> wrote: > > Both Antony and I have been working on this issue. Yes, this needs > to be completed still. >
The code was testing for STATE_V2_REKEY_CHILD_I which couldn't happen in this code path. It seems to be the same problem as IKE AUTH when the response is bad; it needs to trigger another exchange. > Paul > > ---------- Forwarded message ---------- > Date: Tue, 14 Apr 2020 10:36:30 > From: Andrew Cagney <[email protected]> > To: [email protected] > Subject: [Swan-commit] Changes to ref refs/heads/master > > New commits: > commit 68a5f1a6ab6ae199b098fdf23f79ab92195ce28b > Author: Andrew Cagney <[email protected]> > Date: Tue Apr 14 10:27:19 2020 -0400 > > ikev2: record a rekey child's ts unacceptable response > > In kev2_child_out_tail(), use pexpects to answer the question: > ??? which states are actually correct? > It looks like child_rekey_ts_verify() isn't called to verify > the TS payload in a rekey response? > > _______________________________________________ > Swan-commit mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-commit > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev >
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
