[Swan-dev] questions about ikev2_send_auth
D. Hugh Redelmeier
hugh at mimosa.com
Sun Feb 3 18:28:16 UTC 2019
ikev2_send_auth's internal variable "authby" has a kind of obvious
function.

It starts out as the value from c->spd.this.authby (the relevant
asymmetric value).

If st->st_peer_wants_null, it gets over-ridden to AUTH_NULL.

Otherwise, if the asymmetric value is AUTH_UNSET, it makes up a value
based on the POLICY bits (the symmetric authby, I guess). Since those are
a set, it picks the "best" one.

Q1: why does this last-described check not consider POLICY_ECDSA?
Something like

    } else if (c->policy & POLICY_ECDSA) {
        authby = AUTH_ECDSA;
    }

Q2: since this IF cascade does not have an "} else {", could this not
cause a bad_case in the immediately following SWITCH?