<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 14 Apr 2020 at 10:46, Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Both Antony and I have been working on this issue. Yes, this needs<br>
to be completed still.<br></blockquote><div><br></div><div>The code was testing for STATE_V2_REKEY_CHILD_I which couldn't happen in this code path.</div><div><br></div><div>It seems to be the same problem as IKE AUTH when the response is bad; it needs to trigger another exchange.<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Paul<br>
<br>
---------- Forwarded message ----------<br>
Date: Tue, 14 Apr 2020 10:36:30<br>
From: Andrew Cagney <<a href="mailto:cagney@vault.libreswan.fi" target="_blank">cagney@vault.libreswan.fi</a>><br>
To: <a href="mailto:swan-commit@lists.libreswan.org" target="_blank">swan-commit@lists.libreswan.org</a><br>
Subject: [Swan-commit] Changes to ref refs/heads/master<br>
<br>
New commits:<br>
commit 68a5f1a6ab6ae199b098fdf23f79ab92195ce28b<br>
Author: Andrew Cagney <<a href="mailto:cagney@gnu.org" target="_blank">cagney@gnu.org</a>><br>
Date:   Tue Apr 14 10:27:19 2020 -0400<br>
<br>
     ikev2: record a rekey child's ts unacceptable response<br>
<br>
     In kev2_child_out_tail(), use pexpects to answer the question:<br>
       ??? which states are actually correct?<br>
     It looks like child_rekey_ts_verify() isn't called to verify<br>
     the TS payload in a rekey response?<br>
<br>
_______________________________________________<br>
Swan-commit mailing list<br>
<a href="mailto:Swan-commit@lists.libreswan.org" target="_blank">Swan-commit@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan-commit" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan-commit</a><br>
_______________________________________________<br>
Swan-dev mailing list<br>
<a href="mailto:Swan-dev@lists.libreswan.org" target="_blank">Swan-dev@lists.libreswan.org</a><br>
<a href="https://lists.libreswan.org/mailman/listinfo/swan-dev" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan-dev</a><br>
</blockquote></div></div>