[Swan-dev] ikev2: drop 'certificate verified OK' message

Andrew Cagney andrew.cagney at gmail.com
Fri Apr 9 21:46:44 UTC 2021


On Fri, 9 Apr 2021 at 16:39, Paul Wouters <paul at nohats.ca> wrote:

>
>
> > New commits:
> > commit 93cd3bfde96eb5539e6ec06c85eefbf520a19aa4
> > Merge: aa06e23 8ad8bce
> > Author: Andrew Cagney <cagney at gnu.org>
> > Date:   Fri Apr 9 16:10:20 2021 -0400
> >
> >     ikev2: drop 'certificate verified OK' message
> >
> >     covered by the authenticated message
>
> But is it covered when the authentication fails? E.g. when the certificate
> is valid and authenticated but the IKE peer ID mismatches?
>
>
Grepping for 'authentication failed: ' shows:

authentication failed: using RSA with SHA2_512 for 'C=CA, ST=Ontario,
L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org,
E=user-west at testing.libreswan.org' tried preloaded: *AwEAAbyhB

which is close.  If the peer's cert validates, matches the ID, but doesn't
work, it should emit '... tried peer: *...' but I couldn't find a test
proving this.

Is that the case you're thinking of?



> Paul