[Swan-commit] Changes to ref refs/heads/main

Paul Wouters paul at vault.libreswan.fi
Thu Oct 14 03:17:29 UTC 2021


New commits:
commit f11b8c2272758f7fa35966138516cc975c9b922d
Merge: 9dc4406bdd 8cdcbf297e
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Wed Oct 13 23:17:18 2021 -0400

    Merge branch 'esn-replay'

commit 8cdcbf297e80811ebb4379637af2a304e4a20ea8
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:52:35 2021 -0400

    testing: rename removed-iface-01 to ikev2-removed-iface-01

commit a0a0e0d05994d69c0e95bee8fcdb3868ab419180
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:50:30 2021 -0400

    testing: rename nss-cert-pkcs11-uri-01 to ikev2-nss-cert-pkcs11-uri-01

commit 6da3b41a4e3796cfaa0cdf3e77254c3bdde13f54
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:49:04 2021 -0400

    testing: rename nss-cert-08-mismatch to ikev2-nss-cert-08-mismatch

commit 2bf61899e97e6c8684bac543bf8646b2c3848c93
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:46:23 2021 -0400

    testing: renamed netkey-tfc-0* to ikev2-tfc-0*

commit 864752b341da53f7473ce9b05679777ca2603a90
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:42:08 2021 -0400

    testing: fixup more ikev1/ikev2 tests
    
    basic-pluto-09-orienting is IKEv1 but used ikev2=never instead of
    ikev2=no due to Red Hat compat for RHEL8, so it got accidentally
    zapped with ESN_YES
    
    delete-sa-0[12] were accidentally changed from IKEv1 to IKEv2 in
    the Great Default IKEv2 Change. Fix them back to IKEv1.
    
    Rename ipv6-addresspool-04-src-address-selection to
    ikev2-ipv6-addresspool-04-src-address-selection

commit 61ff4d54688c922da8c1bb728cdf664fd8185c70
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:41:12 2021 -0400

    testing: rename two tests to clearly show these are IKEv2
    
    While renaming, might as well rename netkey -> xfrm

commit b242ddc5e826b0a0e07f2910aae156576f857185
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:38:22 2021 -0400

    testing: rename ipv6-addresspool-04-src-address-selection to ikev2-ipv6-addresspool-04-src-address-selection

commit f7e6c9d70762078b7f8f55a579605ab7e851ed4a
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:18:01 2021 -0400

    testing: rename algo-pluto-09 to ikev2-algo-pluto-09
    
    It was always an IKEv2 test, and is very misleadingly named

commit d1f51786c6875a00634aec192be48e3865a4a5df
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:17:11 2021 -0400

    testing: delete-sa-02 is supposed to be an IKEv1 test
    
    accidentally got changed when our default changed.

commit 55653fc705daf0ac5d3d5faa7cc420118dae6341
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:12:39 2021 -0400

    pluto: change ESN warning to debug message
    
    Otherwise, it is too noisy on the whack output for default esn settings
    that use IKEv1.

commit e01170318ce2772f40c9d6ecfed0e0f59587680a
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 23:03:33 2021 -0400

    testing: bulk IKEv2 ESN update

commit a9ebf38be998ab87d0bcfbac14cf15b79e73810c
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 22:20:59 2021 -0400

    testing: add sanitizer for xfrm ESN output

commit bc3df432726d2946e1b255409fc0a3f28ece831c
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 16:23:43 2021 -0400

    documentation: fix comment in sanitizer

commit 6adc316a55a22cd6645b0ef5a0ee2bbb5a24f109
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 14:15:07 2021 -0400

    IKEv1: log a warning for trying ESN with IKEv1

commit 9ce46792a239ab7fb5ccf131039ff5d0630b1e5a
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 13:03:18 2021 -0400

    pluto: Update to IKEv1 IPSEC Security Association Attributes registry
    
    Add five new values, although we don't plan to support any of these.

commit b4ddfa7df00fe498e4a426822783d69848772b0a
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 13:12:33 2021 -0400

    documentation: clarify esn= is only supported for IKEv2

commit 48a84fcac52b18de0f451ef0eb1061d901055ca2
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Tue Oct 12 12:12:29 2021 -0400

    pluto: dont set ta.esn_enabled to true in failure case

commit 11116585b2542f0a678a2e10ca0d1923acffb812
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Fri Oct 8 13:53:06 2021 -0400

    documentation: update CHANGES

commit 64710f298e7f63c3aa853d339e6644f749424df5
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Fri Oct 8 13:42:47 2021 -0400

    IKEv2: Enable ESN for default proposal

commit 65329243d67d8ab8f2d4242eeb6400330f215d7b
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Fri Oct 8 13:42:02 2021 -0400

    libipsecconf: change default esn= value from "no" to "either"

commit d9643a015715c45e47e1262a668425621b874162
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Fri Oct 8 13:41:22 2021 -0400

    pluto: Raise default replay-window size from implicit 32 to 128

commit 829ee3bf325779bb9ec165b679d3905f3678e4e0
Author: Paul Wouters <paul.wouters at aiven.io>
Date:   Fri Oct 8 13:40:21 2021 -0400

    testing: updates to Extended Sequence Number (ESN) tests



More information about the Swan-commit mailing list