On Fri, 9 Apr 2021 at 16:39, Paul Wouters <[email protected]> wrote: > > > > New commits: > > commit 93cd3bfde96eb5539e6ec06c85eefbf520a19aa4 > > Merge: aa06e23 8ad8bce > > Author: Andrew Cagney <[email protected]> > > Date: Fri Apr 9 16:10:20 2021 -0400 > > > > ikev2: drop 'certificate verified OK' message > > > > covered by the authenticated message > > But is it covered when the authentication fails? Eg when the certificate > is valid and authenticated but the IKE peer ID mismatches? > > Grepping for 'authentication failed: ' shows:
authentication failed: using RSA with SHA2_512 for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, [email protected]' tried preloaded: *AwEAAbyhB which is close. If the peer's cert validates, matches the ID, but doesn't work, it should emit '... tried peer: *...'' but I couldn't find a test proving this. Is that the case you're thinking of? Paul > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev >
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
