[Swan-commit] Changes to ref refs/heads/master

2019-05-11 Thread Paul Wouters 
New commits:
commit 448fa55b649d55fdbf03c4bc039d4cd6237bce6f
Author: Paul Wouters 
Date:   Sat May 11 17:31:15 2019 -0400

testing: add impair revival for ikev1-rekey-connswitch

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

2019-05-11 Thread Paul Wouters 
New commits:
commit d908d71f3a4e4241c1a1a2e52eb1a870597c9185
Author: Paul Wouters 
Date:   Sat May 11 17:24:33 2019 -0400

testing: add libipsecconf-04 and add 03/04 to TESTLIST

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

2019-05-11 Thread Paul Wouters 
New commits:
commit ac1e643e953fe661e9d06ea44db8252f7ef46510
Author: Paul Wouters 
Date:   Sat May 11 17:16:31 2019 -0400

testing: ikev1-hostpair-02 impair revival to match up state numbers

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

2019-05-11 Thread Tuomo Soini 
New commits:
commit 5e8fae6bf3e0e066d2c9642a54b0d3a39e7510e4
Author: Tuomo Soini 
Date:   Sat May 11 19:39:57 2019 +0300

_updown.netkey.in: use -m intead of --max-count for busybox compatibility

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit

[Swan-commit] Changes to ref refs/heads/master

2019-05-11 Thread Andrew Cagney 
New commits:
commit 75ae4c0b82a91f7aecba95d91b481be505582b1c
Author: Andrew Cagney 
Date:   Fri May 10 13:47:07 2019 -0400

ikev2: when PAM fails immediately delete the state using STF_FATAL

Presumably when the MITM fails to prove their credentials the first
time it's unlikely they will succeed with their second attempt.  Stops
a retransmit going through the same code path triggering a PEXPECT.

Also tweak the cert code path that was triggering the PEXPECT to fail
immediately when re-called.

The code was returning STF_FAIL+v2N which does nothing to the state.
Add note suggesting code should return STF_ZOMBIFY - where
complete_v2_state_transition() sends the now recorded auth-failed
notification and transitions the state to zombie.  That way it can
linger, responding to any duplicate and equally invalid auth requests.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit