[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Mon Mar 19 22:59:03 UTC 2018
New commits:
commit 872c2905fb372e5f163ed8bae5dc2ae6c8bdec3e
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Mar 19 18:49:43 2018 -0400
ikev2: treat any error notification (including NO_PROPOSAL_CHOSEN) in AUTH replay as fatal
RFC says log unknown status notifications while unknown error
notifications should be treated as fatal.
For NO_PROPOSAL_CHOSEN in the auth response (where auth passed but
the child sa fails), pluto should probably respond by initiating
a delete IKE SA. It didn't instead retrying the auth ...
This patch the behaviour to instead fail (like for failed auth
which isn't good, but hopefully better).
More information about the Swan-commit
mailing list