[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Mon Mar 21 19:47:31 EET 2022


New commits:
commit 66d25f840814117657a9c61e5c350f8d5d9d2143
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 21 13:45:46 2022 -0400

    testing: in ikev2-x509-ecdsa-03-legacy, drop --impair force-v2-auth-method:legacy-ECDSA on responder
    
    code auto detects this

commit db4658e6cf49599cc637d715d95db65f9445f122
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 21 13:44:48 2022 -0400

    ikev2: in ikev2_responder_decode_initiator_id(), when legacy ECDSA, look for ecdsa connection

commit a97f20abab7c1ec2b79bb1cdca59745ee2b0b8ee
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Mar 21 13:27:23 2022 -0400

    testing: in ikev2-digsig-04-mismatch, expect AUTHENTICATION_FAILED response

commit 6c3e2a6b37612f017c4982de406a79fa432d8a46
Author: Andrew Cagney <cagney at gnu.org>
Date:   Sun Mar 20 09:05:01 2022 -0400

    ikev2: cross-check that the auth method matches policy
    
    For instance when RSA_DIGITAL_SIGNATURE, check for SHA1+RSA_<legacy>
    
    This also fixes ikev2-digsig-04-mismatch which had:
      east:authby=rsa-sha2
      west:authby=rsa-sha1
    the old code:
      - accepted west's RSA_DIGITAL_SIGNATURE
      - only tripped up while building the AUTH response payload
        (the initiator doesn't accept DIGITAL_SIGNATURE method)


