[Swan-dev] Regarding ikev2-03-basic-rawrsa-ckaid

Paul Wouters paul at nohats.ca
Tue Sep 8 04:32:08 UTC 2020

The test case was failing because there is a bug. connections with
raw RSA keys without ipsec.secrets entry do not load properly.

The commit below "fixes" this with a hack, but I'd rather keep
the test case failing so we remember to fix this issue.


---------- Forwarded message ----------
Date: Mon, 7 Sep 2020 17:29:35
From: Andrew Cagney <cagney at vault.libreswan.fi>
To: swan-commit at lists.libreswan.org
Subject: [Swan-commit] Changes to ref refs/heads/main

New commits:
commit f22ca063af1bece186346f1fdf02514ae089035c
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Sep 7 17:27:37 2020 -0400

     testing: review and update ikev2-03-basic-rawrsa-ckaid

     Querks when specifying the CKAID of a raw RSA key in a basic IKEv2 connection.

     Connections involving rsasigkey are performed using two whack messages

     1. add the connection _without_ the raw key
     2. add the raw key

     This breaks "ipsec auto --add east-ckaid-rsasigkey":

     - the first whack message tries to add the connection; since it
       specifies ..ckaid=..., but rsasigkey hasn't yet been added, it fails

     But there's a work-around:

     1. "ipsec auto --add east-rsasigkey"

        this adds east'ts rsasigkey to the database

     2. "ipsec auto --add east-ckaid"

        loads because the command above loaded the RSASIGKEY

Swan-commit mailing list
Swan-commit at lists.libreswan.org

More information about the Swan-dev mailing list