[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Tue Oct 25 17:20:11 EEST 2022


New commits:
commit b23eeaafea215bc90876d9200dbf2b1b71fe3b6d
Author: Andrew Cagney <cagney at gnu.org>
Date:   Tue Oct 25 10:15:49 2022 -0400

    ikev2: enforce modecfg.server requiring a CP request
    
    When is CP allowed?
       A request for such a temporary address can be included in
       any request to create a Child SA (including the implicit
       request in message 3) by including a CP payload.
    When is CP required?
       In the case where the IRAS's [IPsec Remote Access Server]
       configuration requires that CP be used for a given
       identity IDi, but IRAC has failed to send a
       CP(CFG_REQUEST), IRAS MUST fail the request, and
       terminate the Child SA creation with a FAILED_CP_REQUIRED
       error.
    
    expect OE carnage #896 #897
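
The rule quoted in the commit message, as an added example (not libreswan code and not part of the original post): walk a decrypted request's payload chain and return FAILED_CP_REQUIRED when the server's policy requires CP but no CP(CFG_REQUEST) is present. The function names, the `cp_required` flag, the sample buffers and the mapping of a malformed chain to INVALID_SYNTAX are assumptions; the numeric values are those assigned by RFC 7296.

```c
#include <stddef.h>
#include <stdint.h>

/* Numbers assigned by RFC 7296. */
enum { PAYLOAD_NONE = 0, PAYLOAD_IDI = 35, PAYLOAD_CP = 47 };
enum { CFG_REQUEST = 1 };
enum { INVALID_SYNTAX = 7, FAILED_CP_REQUIRED = 37 };

/* Walk a decrypted payload chain; each payload starts with the generic
 * header (next payload, flags, 16-bit length).  Returns 1 if a
 * CP(CFG_REQUEST) is present, 0 if not, -1 if the chain is malformed. */
int has_cp_request(uint8_t first, const uint8_t *buf, size_t len)
{
	uint8_t type = first;
	size_t off = 0;
	while (type != PAYLOAD_NONE) {
		if (len - off < 4)
			return -1; /* truncated generic header */
		size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
		if (plen < 4 || plen > len - off)
			return -1; /* length underruns header or overruns buffer */
		if (type == PAYLOAD_CP) {
			if (plen < 8)
				return -1; /* CP body: CFG type + 3 reserved octets */
			if (buf[off + 4] == CFG_REQUEST)
				return 1;
		}
		type = buf[off]; /* next payload type comes from this header */
		off += plen;
	}
	return off == len ? 0 : -1; /* trailing octets are malformed */
}

/* Hypothetical policy hook: 0 to proceed, else the notify type to send. */
int check_cp_policy(int cp_required, uint8_t first, const uint8_t *buf, size_t len)
{
	int found = has_cp_request(first, buf, len);
	if (found < 0)
		return INVALID_SYNTAX;
	return (cp_required && !found) ? FAILED_CP_REQUIRED : 0;
}

/* Constructed samples: IDi (ID_IPV4_ADDR 192.0.2.1), then optionally CP. */
const uint8_t with_cp[] = { 47, 0, 0, 12, 1, 0, 0, 0, 192, 0, 2, 1,
	0, 0, 0, 12, 1, 0, 0, 0, 0, 1, 0, 0 }; /* INTERNAL_IP4_ADDRESS, empty */
const uint8_t without_cp[] = { 0, 0, 0, 12, 1, 0, 0, 0, 192, 0, 2, 1 };

int main(void) { return check_cp_policy(1, PAYLOAD_IDI, with_cp, sizeof with_cp); }
```
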


