Having patched ikev2_pld.c to accept an empty certreq, I still have no connection from the BlackBerry smartphone.

Please give me some ideas about what can be wrong.

On 04.07.2015 11:24, Denis Lapshin wrote:
Index: ikev2_pld.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2_pld.c,v
retrieving revision 1.50
diff -u -p -r1.50 ikev2_pld.c
--- ikev2_pld.c    26 Mar 2015 19:52:35 -0000    1.50
+++ ikev2_pld.c    3 Jul 2015 09:19:29 -0000
@@ -916,7 +916,9 @@ ikev2_pld_certreq(struct iked *env, stru
          return (0);
        if (cert.cert_type == IKEV2_CERT_X509_CERT) {
-        if (!len || (len % SHA_DIGEST_LENGTH) != 0) {
+        if (!len)
+            return (0);
+        if ((len % SHA_DIGEST_LENGTH) != 0) {
              log_debug("%s: invalid certificate request", __func__);
              return (-1);
}
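Review bot: the new "if (!len) return (0);" branch in the X509_CERT check returns success for an empty CERTREQ without logging anything, and it skips everything in ikev2_pld_certreq that comes after the length check, so the request is accepted but nothing acts on it. The log that follows shows "signatures length 0" and then sa_stateflags staying at 0x0c auth,sa while 0x0d cert,auth,sa is required, which fits a request that was parsed but never handled. Consider adding a log_debug for the zero-length case and deciding explicitly whether an empty request should fall through to the code after this check instead of returning early.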

iked -dvv log is below:
...
ikev2_pld_payloads: decrypted payload CERTREQ nextpayload CP critical 0x00 length 5
ikev2_pld_certreq: type X509_CERT signatures length 0
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_cp: type REQUEST length 28
ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_cp: INTERNAL_IP4_NBNS 0x0004 length 0
ikev2_pld_cp: INTERNAL_IP4_NBNS 0x0004 length 0
ikev2_pld_cp: APPLICATION_VERSION 0x0007 length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type INITIAL_CONTACT
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type ESP_TFC_PADDING_NOT_SUPPORTED
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type NON_FIRST_FRAGMENTS_ALSO
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 92
ikev2_pld_sa: more 0 reserved 0 length 88 proposal #1 protoid ESP spisize 4 xforms 8 spi 0xf3268010
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_MD5_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
sa_stateok: SA_INIT flags 0x00, require 0x00
ikev2_msg_auth: responder auth data length 357
ca_setauth: auth length 357
ikev2_sa_negotiate: score 7
config_free_proposals: free 0x203519780
sa_stateflags: 0x0c -> 0x0c auth,sa (required 0x0d cert,auth,sa)
sa_stateok: EAP flags 0x0c, require 0x0d cert,auth,sa
config_free_proposals: free 0x203519b80
ca_setauth: auth length 256
ikev2_getimsgdata: imsg 21 rspi 0xe580667dddd31820 ispi 0x417f3816fccfc162 initiator 0 sa valid type 1 data length 256
ikev2_dispatch_cert: AUTH type 1 len 256
sa_stateflags: 0x0c -> 0x0c auth,sa (required 0x0d cert,auth,sa)
sa_stateok: EAP flags 0x0c, require 0x0d cert,auth,sa
