[Swan-dev] questions about ikev2_send_auth

D. Hugh Redelmeier hugh at mimosa.com
Sun Feb 3 18:28:16 UTC 2019


ikev2_send_auth's internal variable "authby" has a kind of obvious 
function.

It starts out as the value from c->spd.this.authby (the relevant 
asymmetric value).

If st->st_peer_wants_null, it gets over-ridden to AUTH_NULL.

Otherwise, if the asymmetric value is AUTH_UNSET, it makes up a value 
based on the POLICY bits (the symmetric authby, I guess).  Since those are 
a set, it picks the "best" one.


Q1: why does this last-described check not consider POLICY_ECDSA?
Something like
        } else if (c->policy & POLICY_ECDSA) {
                authby = AUTH_ECDSA;
        }

Q2: since this IF cascade does not have an "} else {", could this not 
cause a bad_case in the immediately following SWITCH?

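The selection logic described in the post, modelled as an added example that is not part of the original message and is not libreswan's code. The enum and policy-bit values are constructed, the RSASIG/PSK names and the preference order are assumptions, and `pick_as_described` and `pick_checked` are hypothetical helpers. It shows how a cascade with no final else can leave AUTH_UNSET for the following switch (Q2), and how an ECDSA-only policy gets there (Q1).

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins: names follow the post, values are constructed. */
enum authby { AUTH_UNSET, AUTH_PSK, AUTH_RSASIG, AUTH_ECDSA, AUTH_NULL };
#define POLICY_PSK    0x1u
#define POLICY_RSASIG 0x2u
#define POLICY_ECDSA  0x4u

/* Cascade as the post describes it: no ECDSA branch and no final else. */
static enum authby pick_as_described(enum authby asym, unsigned policy,
                                     bool peer_wants_null)
{
    enum authby authby = asym;          /* the asymmetric value */
    if (peer_wants_null) {
        authby = AUTH_NULL;
    } else if (authby == AUTH_UNSET) {
        if (policy & POLICY_RSASIG) {   /* preference order is assumed */
            authby = AUTH_RSASIG;
        } else if (policy & POLICY_PSK) {
            authby = AUTH_PSK;
        }                               /* no match: still AUTH_UNSET */
    }
    return authby;
}

/* Same cascade plus the Q1 branch; reports failure instead of handing
 * AUTH_UNSET to a switch that has no case for it (Q2). */
static bool pick_checked(enum authby asym, unsigned policy,
                         bool peer_wants_null, enum authby *out)
{
    enum authby authby = pick_as_described(asym, policy, peer_wants_null);
    if (authby == AUTH_UNSET && (policy & POLICY_ECDSA))
        authby = AUTH_ECDSA;
    if (authby == AUTH_UNSET)
        return false;                   /* caller must reject the exchange */
    *out = authby;
    return true;
}

int main(void)
{
    enum authby a = AUTH_UNSET;
    printf("as described, ECDSA-only policy: %d\n",
           pick_as_described(AUTH_UNSET, POLICY_ECDSA, false));
    printf("checked, ECDSA-only policy ok=%d\n",
           pick_checked(AUTH_UNSET, POLICY_ECDSA, false, &a));
    printf("checked, empty policy ok=%d\n",
           pick_checked(AUTH_UNSET, 0, false, &a));
    return 0;
}
```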