When refine_host_connection tests against a %fromcert RW connection
followed by other right=%any connections with fixed IDs (e.g.,
@hostname), it will lose the fromcert setting. So when it does
eventually return with the %fromcert RW connection fromcert will
be set to false and therefore the actua
On Thu, 30 Apr 2015, Herbert Xu wrote:
Subject: [Swan-dev] pluto: Add RFC7383 fragmentation support
This patch adds RFC7383 IKEv2 fragmentation support to pluto.
Wow! Thanks for doing all that work to implement fragmentation!
I'll spin this into a branch and run it through our full test suit
On Thu, 30 Apr 2015, Herbert Xu wrote:
We can only dereference cc after the fin_count check as otherwise
we may dereference unallocated memory.
Merged in nss_pkix branch, which should merge into master very soon.
Paul
___
Swan-dev mailing list
Swan-
On Thu, 30 Apr 2015, Herbert Xu wrote:
The display for modecfg client/server status in ipsec whack --status
is reversed.
Signed-off-by: Herbert Xu
Applied. thanks!
Paul
___
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan
On Thu, 30 Apr 2015, Herbert Xu wrote:
The current IKEv2 code is prone to generating STATE_UNDEFINED
child states when something goes wrong (e.g., no proposal chosen).
So we best not crash when encountering such states.
This was fixed differently by adding the state_story entries for those
sta
This patch adds RFC7383 IKEv2 fragmentation support to pluto.
Signed-off-by: Herbert Xu
diff --git a/include/ietf_constants.h b/include/ietf_constants.h
index e56683d..95fb27a 100644
--- a/include/ietf_constants.h
+++ b/include/ietf_constants.h
@@ -529,6 +529,11 @@ enum next_payload_types_ikev2
When we instantiate a connection we simply copy the certificate
over, without getting a reference count over the new certificate
reference, resulting in a bogus certificate when the instance is
deleted.
Signed-off-by: Herbert Xu
diff --git a/programs/pluto/connections.c b/programs/pluto/connecti
We can only dereference cc after the fin_count check as otherwise
we may dereference unallocated memory.
Signed-off-by: Herbert Xu
diff --git a/programs/pluto/nss_cert_vfy.c b/programs/pluto/nss_cert_vfy.c
index 41ec630..ae13de6 100644
--- a/programs/pluto/nss_cert_vfy.c
+++ b/programs/pluto
We need to parse the CP payload and set the address before we do
the TS check as otherwise we are bound to fail if the TS uses the
address that CP will set.
Signed-off-by: Herbert Xu
diff --git a/programs/pluto/ikev2_parent.c b/programs/pluto/ikev2_parent.c
index 5620f97..95803a3 100644
---
The display for modecfg client/server status in ipsec whack --status
is reversed.
Signed-off-by: Herbert Xu
diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 1a03c29..6e9b2f2 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -3438,8 +343
The current IKEv2 code is prone to generating STATE_UNDEFINED
child states when something goes wrong (e.g., no proposal chosen).
So we best not crash when encountering such states.
Signed-off-by: Herbert Xu
diff --git a/programs/pluto/state.c b/programs/pluto/state.c
index acbf0c7..a720845 1
11 matches
Mail list logo