[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Tue Mar 3 03:43:00 UTC 2020
New commits:
commit e0804e12d60eb8a32f1fc8f1dad2f986454bf630
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 2 22:41:31 2020 -0500
testing: add ikev2-child-rekey-05 to TESTLIST
The test is in git but looks like WIP, so marked as such.
(it has verbose console files added to it ??)
commit 7be41582a340c52af55a6ba8c6d1e14e3cdea9e9
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Mar 2 21:54:08 2020 -0500
IKEv2: Verify (not ignore) expected TSi/TSr payloads for IPsec rekeys.
The RFC states they MUST be the same for IPsec rekey as they are for the
original existing IPsec SA. So for rekeying, the traffic selectors were
just copied from the existing IPsec being rekeyed and ignored the actual
TSi/TSr payloads during IPsec rekey.
It now parses these and returns INVALID_SYNTAX if it fails to parse. This
happens on libreswan 3.30 due to a bug in the IPsec rekey code on that version.
It also verifies the traffic selector that was negotiated for the existing
IPsec SA is still an entry on the received TSi/TSr list. Other entries on
the list are ignored.
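As an added illustration (not libreswan's code and not part of the commits above), the check described in the second commit message can be sketched in C: parse the received TSi or TSr payload body per RFC 7296 section 3.13, report INVALID_SYNTAX on malformed input, and require the existing SA's selector to be an entry on the list. The struct, function name and sample bytes are hypothetical; exact-match comparison, skipping unknown selector types and rejecting trailing bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { TS_IPV4_ADDR_RANGE = 7, TS_IPV6_ADDR_RANGE = 8 };  /* RFC 7296 3.13.1 */
enum ts_result { TS_INVALID_SYNTAX = -1, TS_NOT_FOUND = 0, TS_FOUND = 1 };

struct ts {                    /* hypothetical in-memory form of one selector */
    uint8_t type, proto, alen; /* alen: 4 (IPv4) or 16 (IPv6) address bytes */
    uint16_t sport, eport;
    uint8_t start[16], end[16];
};

/* Walk a TSi/TSr payload body: 1 byte count, 3 reserved bytes, then the
 * selectors. The whole list is parsed before answering, so a malformed
 * entry after the matching one still yields TS_INVALID_SYNTAX. */
enum ts_result ts_list_has(const uint8_t *p, size_t len, const struct ts *want)
{
    if (len < 4) return TS_INVALID_SYNTAX;
    size_t off = 4;
    int found = 0;
    for (unsigned i = 0; i < p[0]; i++) {
        if (len - off < 4) return TS_INVALID_SYNTAX;
        const uint8_t *s = p + off;
        size_t slen = (size_t)s[2] << 8 | s[3];
        size_t alen = s[0] == TS_IPV4_ADDR_RANGE ? 4 : s[0] == TS_IPV6_ADDR_RANGE ? 16 : 0;
        if (slen < 4 || slen > len - off || (alen && slen != 8 + 2 * alen))
            return TS_INVALID_SYNTAX;
        /* Assumption: unknown selector types are skipped by their length. */
        if (alen && s[0] == want->type && s[1] == want->proto && alen == want->alen &&
            (s[4] << 8 | s[5]) == want->sport && (s[6] << 8 | s[7]) == want->eport &&
            !memcmp(s + 8, want->start, alen) && !memcmp(s + 8 + alen, want->end, alen))
            found = 1;         /* other entries on the list are ignored */
        off += slen;
    }
    if (off != len) return TS_INVALID_SYNTAX;   /* trailing bytes */
    return found ? TS_FOUND : TS_NOT_FOUND;
}

/* Constructed sample: a received list with two IPv4 ranges, any protocol/port. */
static const uint8_t sample[] = {
    2, 0, 0, 0,
    7, 0, 0, 16, 0, 0, 0xff, 0xff, 10, 0, 0, 0, 10, 0, 0, 255,
    7, 0, 0, 16, 0, 0, 0xff, 0xff, 192, 0, 2, 0, 192, 0, 2, 255,
};
/* Constructed: selectors of the existing SA (kept) and of an unrelated one. */
static const struct ts kept = { 7, 0, 4, 0, 65535, {192, 0, 2, 0}, {192, 0, 2, 255} };
static const struct ts other = { 7, 0, 4, 0, 65535, {198, 51, 100, 0}, {198, 51, 100, 255} };
int main(void) { return ts_list_has(sample, sizeof sample, &kept) == TS_FOUND ? 0 : 1; }
```

A rekey responder would treat `TS_NOT_FOUND` as a selector mismatch and `TS_INVALID_SYNTAX` as the parse failure the commit message mentions.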