On Tue, 8 Sep 2020 at 00:32, Paul Wouters <[email protected]> wrote:
>
>
> The test case was failing because there is a bug. Connections with
> raw RSA keys without ipsec.secrets entry do not load properly.

A config file containing ckaid= and rsapubkey=.

> The commit below "fixes" this with a hack, but I'd rather keep
> the test case failing so we remember to fix this issue.

Er, NO. This specific test, which I wrote, passed before the commit vis:
https://testing.libreswan.org/v3.30-1565-gf016c018d3-main/ikev2-03-basic-rawrsa-ckaid/
so should pass now.

This is deliberate. It exercises both the current broken behaviour and a work-around. If that behaviour changes then I'd like to know (and it has - a look at the diff of the description shows that changed significantly).

This of course brings up basic-pluto-01-nosecrets which has _never_ passed, had a description.txt containing utter crap, yet had to be marked as GOOD.

> ---------- Forwarded message ----------
> Date: Mon, 7 Sep 2020 17:29:35
> From: Andrew Cagney <[email protected]>
> To: [email protected]
> Subject: [Swan-commit] Changes to ref refs/heads/main
>
> New commits:
> commit f22ca063af1bece186346f1fdf02514ae089035c
> Author: Andrew Cagney <[email protected]>
> Date: Mon Sep 7 17:27:37 2020 -0400
>
> testing: review and update ikev2-03-basic-rawrsa-ckaid
>
> Quirks when specifying the CKAID of a raw RSA key in a basic IKEv2
> connection.
>
> Connections involving rsasigkey are performed using two whack messages
> which:
>
> 1. add the connection _without_ the raw key
> 2. add the raw key
>
> This breaks "ipsec auto --add east-ckaid-rsasigkey":
>
> - the first whack message tries to add the connection; since it
>   specifies ..ckaid=..., but rsasigkey hasn't yet been added, it fails
>
> But there's a work-around:
>
> 1. "ipsec auto --add east-rsasigkey"
>
>    this adds east's rsasigkey to the database
>
> 2. "ipsec auto --add east-ckaid"
>
>    loads because the command above loaded the RSASIGKEY
>
> _______________________________________________
> Swan-commit mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan-commit
> _______________________________________________
> Swan-dev mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan-dev
