[Swan-commit] Changes to ref refs/heads/main
Paul Wouters
paul at vault.libreswan.fi
Thu Jun 24 15:17:52 UTC 2021
New commits:
commit 2bfbc3a17a725c63521741020d3c80591d1148ab
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 11:16:19 2021 -0400
testing: cleanup ipv6-addresspool-05-dual-stack
This avoids throwing "starter: left is KH_NOTSET" errors
commit 7f24494028822a15520463f67b29e56a836b9d88
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 11:10:41 2021 -0400
testing: generate-dnssec.sh no longer uses -r /dev/urandom
this avoids:
dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.
commit e171e47fe94087c7c3966c9561bc44dba31810b4
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 11:05:22 2021 -0400
testing: cleanup ipv6-addresspool-04-src-address-selection
This avoids throwing "starter: left is KH_NOTSET" errors
commit 769c53050b0cf55fec30b36f8743e4170e57bdb1
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 11:00:40 2021 -0400
testing: cleanup ikev2-70-src-address-selection
This avoids throwing "starter: left is KH_NOTSET" errors
commit 11c1c9d736e0147dbcedafa3a709ebcc73713ff2
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 10:45:45 2021 -0400
testing: addconn-05 updated error output
commit cc1f0788032306dfd207d567569e06d4e48307ac
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 10:39:48 2021 -0400
libipsecconf: fail to load conn when encountering KH_NOTSET
Something bad happened, eg a parse error, and it should not be
ignored. This could lead to subnet= being "half defined" and
cause different behaviour between loading a conn with auto=add
or via ipsec auto --add
commit 22973ed6b8a8f1aa23db5c79808fa261855c76b4
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 10:38:44 2021 -0400
testing: ikev2-asymmetric-01-parsing addconn update
addconn no longer prints bogus "ignoring: "
commit efe15f56ec86b01a1e5fddf5b80b2a902c3d6e1b
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 10:37:57 2021 -0400
addconn: don't print misleading "ignoring: "
It was not actually ignoring it - it would fail to load the connection.
commit 91db84a49d5754a6f802b521085aa1c727f40501
Author: Paul Wouters <paul.wouters at aiven.io>
Date: Thu Jun 24 10:03:47 2021 -0400
pluto: extract_end() should fail, not pexpect, on bad subnet
This happens when having a typo in leftsubnet= while using
auto=add or auto=start. In contrast, running addconn via
"ipsec auto --add" will properly fail to load such a connection.
More information about the Swan-commit
mailing list