[Swan-dev] Regarding ikev2-03-basic-rawrsa-ckaid
paul at nohats.ca
Tue Sep 8 14:09:05 UTC 2020
On Tue, 8 Sep 2020, Andrew Cagney wrote:
>> The test case was failing because there is a bug. connections with
>> raw RSA keys without ipsec.secrets entry do not load properly.
> A config file containing ckaid= and rsapubkey=.
>> The commit below "fixes" this with a hack, but I'd rather keep
>> the test case failing so we remember to fix this issue.
> Er, NO.
> This specific test, which I wrote, passed before the commit vis:
> so should pass now
> This is deliberate.
> It exercises both the current broken behaviour and a work-around. If
> that behaviour changes then I'd like to know (and it has - a look at
> the diff of the description shows that changed significantly).
Oh, you are right. The test case for no secrets file is
> This of course brings up basic-pluto-01-nosecrets which has _never_
> passed, had a description.txt containing utter crap, yet had to be
> marked as GOOD.
According to git, that is your text :)
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Sep 7 21:33:08 2020 -0400
testing: fix basic-pluto-01-nosecrets's description
Before yesterday's commit, it had the standard basic-pluto-01 text
because it was literally a copy of basic-pluto-01 without the "no
longer needed" secrets entry for raw RSA keys. Which got broken.
The test case shows an important bug. When you run "ipsec newhostkey"
without capturing the output, you cannot use it for any authentication
because keys no longer load on the connection. This has been a bug since
3.1x ? I even had to revert the documentation on the wiki and the RHEL
guide to re-document the command to "ipsec newhostkey > /etc/ipsec.d/some.secret"
because of this. To me, this is a very important bug that should get