[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Sat May 11 14:26:00 UTC 2019


New commits:
commit 75ae4c0b82a91f7aecba95d91b481be505582b1c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Fri May 10 13:47:07 2019 -0400

    ikev2: when PAM fails immediately delete the state using STF_FATAL
    
    Presumably when the MITM fails to prove their credentials the first
    time it's unlikely they will succeed with their second attempt.  Stops
    a retransmit going through the same code path triggering a PEXPECT.
    
    Also tweak the cert code path that was triggering the PEXPECT to fail
    immediately when re-called.
    
    The code was returning STF_FAIL+v2N which does nothing to the state.
    Add note suggesting code should return STF_ZOMBIFY - where
    complete_v2_state_transition() sends the now recorded auth-failed
    notification and transitions the state to zombie.  That way it can
    linger, responding to any duplicate and equally invalid auth requests.


