Re: [Swan-dev] does basic-pluto-01-nosecrets have a usecase?

2020-09-17 Thread Andrew Cagney
On Thu, 17 Sep 2020 at 16:13, Paul Wouters wrote: > On Wed, 16 Sep 2020, Andrew Cagney wrote: > > > First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses > the CKAID to directly locate the raw key in the NSS DB. To confirm it is > > working, look in west.pluto.log for "CKAID".The use

Re: [Swan-dev] does basic-pluto-01-nosecrets have a usecase?

2020-09-17 Thread Paul Wouters
On Wed, 16 Sep 2020, Andrew Cagney wrote: First, I believe ikev2-03-basic-rawrsa-ckaid is fixed.  It uses the CKAID to directly locate the raw key in the NSS DB.  To confirm it is working, look in west.pluto.log for "CKAID".The use case for this test is pretty easy:- generate the raw key -

Re: [Swan-dev] can add connection require a private key?

2020-09-17 Thread Paul Wouters
On Thu, 17 Sep 2020, Andrew Cagney wrote: Currently the code just warns when trying to add a connection with no private key.   Instead much much later - during the auth exchange - the code tries to find the private key. Presumably this is because the end may not need the private key. Yes.

[Swan-dev] xfrmi work conflict

2020-09-17 Thread Antony Antony
recent xfrmi changes https://github.com/libreswan/libreswan/commit/78253c41f6200f2f505e14775cdbaca3b40ae5c8 has a few conflicts with xfrmi fixes I was working on, and discused here on swan-dev. I am not able to follow up the code churn and things going too fast, may be there is pressure of

Re: [Swan-dev] does basic-pluto-01-nosecrets have a usecase?

2020-09-17 Thread Andrew Cagney
On Thu, 17 Sep 2020 at 12:42, Antony Antony wrote: > On Wed, Sep 16, 2020 at 10:35:07PM -0400, Andrew Cagney wrote: > > First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses > the CKAID to > > directly locate the raw key in the NSS DB. To confirm it is working, > look in > >

Re: [Swan-dev] does basic-pluto-01-nosecrets have a usecase?

2020-09-17 Thread Antony Antony
On Wed, Sep 16, 2020 at 10:35:07PM -0400, Andrew Cagney wrote: > First, I believe ikev2-03-basic-rawrsa-ckaid is fixed.  It uses the CKAID to > directly locate the raw key in the NSS DB.  To confirm it is working, look in > west.pluto.log for "CKAID". add an empty file ipsec.secrets in the test

[Swan-dev] can add connection require a private key?

2020-09-17 Thread Andrew Cagney
Currently the code just warns when trying to add a connection with no private key. Instead much much later - during the auth exchange - the code tries to find the private key. Presumably this is because the end may not need the private key. I'm wondering if there's enough information available