[Swan-dev] testing/pluto/ikev2-03-basic-rawrsa-ckaid

Paul Wouters paul at nohats.ca
Sun Feb 3 21:41:15 UTC 2019


On Sun, 3 Feb 2019, Andrew Cagney wrote:

> Subject: Re: [Swan-dev] testing/pluto/ikev2-03-basic-rawrsa-ckaid

>> But what does this really test?
>
> From my POV, it demonstrates how CKAIDs with raw private keys can
> sometimes seem to work when really they don't.

Okay, so once we support raw RSA that does not require secrets files,
we can rewrite this test case without using includes, so that it becomes
clear.

>> conn westnet-eastnet-ikev2
>>         also=east-rightckaid
>>         also=west-leftrsasigkey
>>         also=east-rightrsasigkey

Although, there is a weirdness of using ckaid= as the connection is no
longer symmetrical. That is, left can use leftckaid=XXXX, but right
cannot use leftckaid unless it has a copy of the key in NSS.

Maybe allowing left/rightckaid= was not a good idea after all? But I
guess now we are stuck with it.

Paul

