[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Tue Sep 16 23:10:29 EEST 2014
New commits:
commit 2f4040a1801bd9419c64aaa2a0559fbf70176267
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 16 15:50:43 2014 -0400
ikev2: contain pexpect() fire for known cases
There are a few cases where we do not find an IKE ta.encrypter for
an ESP algorithm:
1) an ESP-only algorithm (such as CAST) that does not have an IKE version
2) An algorithm that the kernel supports for ESP, but that we have not
yet supported in IKE (eg camellia)
3) ESP_NULL obviously has no encrypter.
In these 3 cases, do not fire the pexpect() and allow the proposal to
succeed. In the future, we can change the pexpect() back to passert()
but only after we add ta.encrypter's for AES GCM/CCM/CTR.
commit f30a4b3b563a1354edde584ac82247d0d1ead6f5
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 16 15:49:59 2014 -0400
add debug line in setup_half_ipsec_sa() for keymat
commit c173176ef592a2668b599cf57fe6de01020271a7
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 16 15:45:56 2014 -0400
add a debug message to ikev2_crypto.c
commit 84c9388eb5a45e39caf8da628dc4a2aa273727f8
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Sep 16 15:43:42 2014 -0400
Renamed AUTH_ALGORITHM_AES_CBC to AUTH_ALGORITHM_AES_XCBC
It's more consistent
More information about the Swan-commit
mailing list