[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Sun Jun 23 23:26:07 UTC 2019
New commits:
commit 816e4b8b256bc19d942369cef0ec64e691e6f0a0
Author: Paul Wouters <pwouters at redhat.com>
Date: Sun Jun 23 19:23:20 2019 -0400
IKEv2: re-instate NO_PROPOSAL_CHOSEN when we do not find any connection
As per feedback from the IPSEC WG:
Tero said:
If both implementations work correctly you should NEVER send
INVALID_SYNTAX error. That always means there is programming
error in one of the implementations.
[...]
We discussed this, but decided that we want to keep error
codes limited, not to leak out information what is wrong in
the configuration. So you get same NO_PROPOSAL_CHOSEN error
notification regardless whether your algorithm list does not
match, or whether the ip is unknown, or whether the identity of
the other end is unknown.
More information about the Swan-commit
mailing list