[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Thu Mar 24 23:40:44 EET 2022
New commits:

commit 036718272489c6fd321c99bb3c9ea30f5a1809c5
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Mar 24 17:39:57 2022 -0400

    testing: expect AUTHBY bits when showing a connection

commit d7a791837a85d93107fef59414b2f8e5a69249c5
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Mar 24 15:50:09 2022 -0400

    connections: include "interesting" .policy_authby when showing a connection

    The format is roughly:

        auth:AUTH(AUTHBY)

    For instance:

        - our auth:rsasig, their auth:rsasig, ...
        + our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+ECDSA+RSASIG_v1_5, ...

    - our auth:rsasig is changed to auth:rsasig(RSASIG+RSASIG_v1_5)
      because either RSASIG_v1_5 or RSASIG could end up being used
      (an alternative would be auth:RSASIG+RSASIG_v1_5)

    - their auth:rsasig is changed to auth:RSASIG+ECDSA+RSASIG_v1_5
      because the peer can authenticate using any of those three
      methods and not just RSA.

    and:

        - our auth:null, their auth:rsasig, ...
        + our auth:null, their auth:RSASIG+RSASIG_v1_5, ...

    - our auth:null is unchanged
      because auth:null(NULL) isn't interesting, ditto PSK, ...

    - their auth:rsasig is changed to auth:RSASIG+RSASIG_v1_5
      per above; this time ECDSA is missing because the
      config file had <their>auth=rsa.

    a follow-up patch can remove the AUTHBY bits from the policy line.