[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Thu Jul 1 02:59:42 UTC 2021
New commits:
commit 1f72ba5ce87a34bc3140e2e8fcaf843011f6a959
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jun 30 22:09:37 2021 -0400
ikev2: only return STF_{OK,FAIL,FATAL} from CREATE_CHILD_SA processor
Not STF_FAIL+v2N. Fixes a sec_label core dump when the initiator gets
rejected.
Internally use v2_notification_t, mapping that onto the above (the
code will eventually need to send the notification to the responder as
part of a separate informational exchange. See 2.21. Error Handling).
commit f73daf149dec668b4fa9a3d568b03d080085edfc
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jun 30 15:29:09 2021 -0400
ikev2: v2_notification_to_v2_pd() -> v2_pd_from_notification()
commit 604abf57de93fc189f52d833056cf3f007f03a81
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Jun 30 14:54:01 2021 -0400
ikev2: only consider Configuration Payloads during IKE_AUTH
Move the code in ikev2_process_ts_and_rest() (also called by
CREATE_CHILD_SA) to process_v2_IKE_AUTH_response_child_sa_payloads().
Return CHILD_FAILED when it does.
Also, consistently use the Child SA's connection: the initiator
was using the IKE SA's connection when asking for CP, and the
Child SA's connection when processing the response.
More information about the Swan-commit
mailing list