[Swan-dev] why, in ah-pluto-01, does libreswan emit an ESP proposal
Andrew Cagney
andrew.cagney at gmail.com
Fri Oct 5 00:54:52 UTC 2018
It turns out that, when phase2=ah (i.e., POLICY_AUTHENTICATE), IKEv1's
defaults, since before the start of time have been:
static struct db_prop_conj ah_props[] = {
{ AD(ah_pc) },
#ifdef SUPPORT_ESP_NULL
{ AD(espnull_pc) }
#endif
};
I.e., in addition to AH, emit an ESP proposal with no encryption.
It's just that it never worked.
Should the second line be dropped?
Andrew
On Thu, 4 Oct 2018 at 18:02, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> > In the current code NEXT in the first payload is patched up so the
> > second proposal is be visible. Am trying east:phase2=esp
>
> Yea, that went a little too well :-(
>
> I'm testing the attached to mitigate this new problem, hopefully it
> goes ok and can push.
> I think getting rid of the extra payload is something to sort out later.
>
> Andrew
More information about the Swan-dev
mailing list