[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Mar 23 04:34:15 EET 2022
New commits:
commit 86257ae1f9f236426a1517a0178500cc123497fe
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Mar 22 20:52:05 2022 -0400
ikev2: send SIGNATURE_HASH_ALGORITHMS per remote's .policy_authby
... and not .policy; and not conditional on initiator sending
its hash payload
For instance, leftauth=psk rightauth=rsa. Left needs to send
right it's hash algorithms, but not the reverse, and no matter
which end initiates.
commit cffaad6f6369189f91d9950a9ccafc4c7aad06e6
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Mar 22 20:48:15 2022 -0400
ikev2: match incoming v2AUTH payload blob against .sighash_policy
... not .negotiated_hashes. .sighash_policy is what we want
remote to use while .negotiated_hashes is what remote wants us
to use.
commit f95bcbc3db2be47a3eddab133f7e2f6434f44544
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Mar 22 17:40:50 2022 -0400
crypto: clean up .policy_authby bits
- when IKEv1, strip ECDSA and (confusingly) RSASIG_v1_5
- when auth={rsa,null}, force the corresponding bit
More information about the Swan-commit
mailing list