On Tue, 8 Sep 2020, Andrew Cagney wrote:
The test case was failing because there is a bug. Connections with
raw RSA keys without ipsec.secrets entry do not load properly.
A config file containing ckaid= and rsapubkey=.
The commit below "fixes" this with a hack, but I'd rather keep
the test case failing so we remember to fix this issue.
Er, NO.
This specific test, which I wrote, passed before the commit vis:
https://testing.libreswan.org/v3.30-1565-gf016c018d3-main/ikev2-03-basic-rawrsa-ckaid/
so should pass now
This is deliberate.
It exercises both the current broken behaviour and a work-around. If
that behaviour changes then I'd like to know (and it has - a look at
the diff of the description shows that changed significantly).
Oh, you are right. The test case for no secrets file is
basic-pluto-01-nosecrets.
This of course brings up basic-pluto-01-nosecrets which has _never_
passed, had a description.txt containing utter crap, yet had to be
marked as GOOD.
According to git, that is your text :)
commit dffc14bdb3dd3f0b0dfb0cd4a64718b558f732bb
Author: Andrew Cagney <[email protected]>
Date: Mon Sep 7 21:33:08 2020 -0400
testing: fix basic-pluto-01-nosecrets's description
Before yesterday's commit, it had the standard basic-pluto-01 text
because it was literally a copy of basic-pluto-01 without the "no
longer needed" secrets entry for raw RSA keys. Which got broken.
The test case shows an important bug. When you run "ipsec newhostkey"
without capturing the output, you cannot use it for any authentication
because keys no longer load on the connection. This has been a bug since
3.1x ? I even had to revert the documentation on the wiki and the RHEL
guide to re-document the command to "ipsec newhostkey >
/etc/ipsec.d/some.secret"
because of this. To me, this is a very important bug that should get
fixed.
Paul