[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Thu Mar 24 23:40:44 EET 2022


New commits:
commit 036718272489c6fd321c99bb3c9ea30f5a1809c5
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Mar 24 17:39:57 2022 -0400

    testing: expect AUTHBY bits when showing a connection

commit d7a791837a85d93107fef59414b2f8e5a69249c5
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Mar 24 15:50:09 2022 -0400

    connections: include "interesting" .policy_authby when showing a connection
    
    The format is roughly:
    
      auth:AUTH(AUTHBY)
    
    For instance:
    
     - our auth:rsasig, their auth:rsasig, ...
     + our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+ECDSA+RSASIG_v1_5, ...
    
    - our auth:rsasig is changed to auth:rsasig(RSASIG+RSASIG_v1_5)
      because either RSASIG_v1_5 or RSASIG could end up being used
      (an alternative would be auth:RSASIG+RSASIG_v1_5)
    
    - their auth:rsasig is changed to auth:RSASIG+ECDSA+RSASIG_v1_5
      because the peer can authenticate using any of those three
      methods and not just RSA.
    
    and:
    
     - our auth:null, their auth:rsasig, ...
     + our auth:null, their auth:RSASIG+RSASIG_v1_5, ...
    
    - our auth:null is unchanged
      because auth:null(NULL) isn't interesting, ditto PSK, ...
    
    - their auth:rsasig is changed to auth:RSASIG+RSASIG_v1_5
      per above; this time ECDSA is missing because the
      config file had <their>auth=rsa.
    
    a follow-up patch can remove the AUTHBY bits from the policy line.
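
An added example, not part of the commit or of libreswan: a small Python parser for the "auth:AUTH(AUTHBY)" text shown in the commit message, used to check which methods each end may authenticate with. The function names are hypothetical, and the parsing rules (a value ends at a comma or whitespace; a bare value starting with an upper-case letter is an AUTHBY list) are assumptions drawn only from the sample lines above.

```python
import re

# Sample lines copied from the commit message above (the "+" variants).
SAMPLE_RSASIG = ("our auth:rsasig(RSASIG+RSASIG_v1_5), "
                 "their auth:RSASIG+ECDSA+RSASIG_v1_5, ...")
SAMPLE_NULL = "our auth:null, their auth:RSASIG+RSASIG_v1_5, ..."

# Assumption: each value runs up to the next comma or whitespace.
_SIDE_RE = re.compile(r"\b(our|their) auth:([^,\s]+)")
# AUTH, optionally followed by a parenthesised AUTHBY list.
_VALUE_RE = re.compile(r"^([^()]+?)(?:\(([^()]*)\))?$")


def _split(bits):
    """Split 'A+B+C' into a frozenset, ignoring empty items."""
    return frozenset(filter(None, bits.split("+")))


def parse_auth(line):
    """Return {side: (auth, authby)} for one 'our auth:..., their auth:...' line."""
    result = {}
    for side, value in _SIDE_RE.findall(line):
        m = _VALUE_RE.match(value)
        if m is None:
            raise ValueError(f"unrecognised auth value: {value!r}")
        head, inner = m.group(1), m.group(2)
        if inner is not None:
            # auth:AUTH(AUTHBY), e.g. rsasig(RSASIG+RSASIG_v1_5)
            result[side] = (head, _split(inner))
        elif head[0].isupper():
            # Bare AUTHBY list, e.g. RSASIG+ECDSA+RSASIG_v1_5 (assumption: case marks it)
            result[side] = (None, _split(head))
        else:
            # Bare AUTH such as null; its AUTHBY bits are not shown
            result[side] = (head, frozenset())
    return result


def unexpected_methods(line, side, allowed):
    """Return the AUTHBY methods shown for `side` that are not in `allowed`."""
    _auth, authby = parse_auth(line)[side]
    return set(authby) - set(allowed)


if __name__ == "__main__":
    for sample in (SAMPLE_RSASIG, SAMPLE_NULL):
        print(parse_auth(sample),
              unexpected_methods(sample, "their", {"RSASIG", "RSASIG_v1_5"}))
```

With an allowed set of RSASIG and RSASIG_v1_5, the first sample reports ECDSA for the peer and the second reports nothing, matching the commit message's note about <their>auth=rsa.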


