[Swan-dev] "rekey child's ts unacceptable response"
andrew.cagney at gmail.com
Tue Apr 14 15:09:27 UTC 2020
On Tue, 14 Apr 2020 at 10:46, Paul Wouters <paul at nohats.ca> wrote:
> Both Antony and I have been working on this issue. Yes, this needs
> to be completed still.
The code was testing for STATE_V2_REKEY_CHILD_I which couldn't happen in
this code path.
It seems to be the same problem as IKE AUTH when the response is bad; it
needs to trigger another exchange.
> ---------- Forwarded message ----------
> Date: Tue, 14 Apr 2020 10:36:30
> From: Andrew Cagney <cagney at vault.libreswan.fi>
> To: swan-commit at lists.libreswan.org
> Subject: [Swan-commit] Changes to ref refs/heads/master
> New commits:
> commit 68a5f1a6ab6ae199b098fdf23f79ab92195ce28b
> Author: Andrew Cagney <cagney at gnu.org>
> Date: Tue Apr 14 10:27:19 2020 -0400
> ikev2: record a rekey child's ts unacceptable response
> In kev2_child_out_tail(), use pexpects to answer the question:
> ??? which states are actually correct?
> It looks like child_rekey_ts_verify() isn't called to verify
> the TS payload in a rekey response?
> Swan-commit mailing list
> Swan-commit at lists.libreswan.org
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Swan-dev