[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Mar 30 20:13:19 UTC 2021
New commits:
commit 226a8330f8c9a5a4b74222e9749b888475caf078
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Mar 30 16:08:38 2021 -0400
ikev1: re-tweak "starting keying attempt 2 of at most 1" tweak
It turns out that the code relies on the IKEv1 initial responder
(probably an IKEv2 term) having ry==0 to supress that end
retrying after retransmits fail. Adding 1 too early broke this.
Instead change try<=limit to try<limit.
basic-pluto-01-nokey linux-audit-02-ike-fail linux-audit-03-ipsec-fail
pass.
(Since IKEv2's responder never retransmits it doesn't suffer from
this problem).
More information about the Swan-commit
mailing list