[Swan-commit] Changes to ref refs/heads/master

Paul Wouters paul at vault.libreswan.fi
Wed Dec 24 20:31:23 EET 2014


New commits:
commit ca99295e0df6bd61dc7300800a3bba55374634f0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Dec 24 13:29:52 2014 -0500

    IKEv2: Support for INVALID_KE DH group re-transmits
    
        As responder, send a proper INVALID_KE with an acceptable DH group as
        notify payload (instead of returning NO_PROPOSAL_CHOSEN)
    
        As initiator, receive the DH group in the INVALID_KE, look up if the
        group is acceptable, and if so, re-initiate with a new KE payload.
    
        - expose the default_ike_groups to pick a last-effort DH group
        - added the following functions:
            void send_v2_notification_invalid_ke(struct state *st)
            bool modp_in_propset(oakley_group_t received, struct alg_info_ike *ai_list)
            oakley_group_t first_modp_from_propset(struct alg_info_ike *ai_list)
            stf_status crypto_helper_build_ke(struct state *st)
            clear_dh_from_state(struct state *st)
        - cleanup some duplicate code
        - add comment and log about excessive calling of sa_v2_convert()
        - check spisize before the switch(), as it applies to all notify payloads
        - Support for in_struct() reading a notify payload [Hugh]
        - Removed some dead code [Hugh]
        - Notify chunk building [Hugh]

commit f422db57057d8b72afa8db30bf0b1202f6e08dc6
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Dec 24 13:28:36 2014 -0500

    testing: delete old interop-ikev2-strongswan-25-ke-mismatch

commit 345aa38ca04b671f704bd6d82718d9390bea7897
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Dec 24 13:27:41 2014 -0500

    testing: Added INVALID_KE test cases
    
    ikev2-21-invalid-ke
    interop-ikev2-strongswan-25-ke-mismatch-initiator
    interop-ikev2-strongswan-26-ke-mismatch-responder


