On Thu, 17 Sep 2020 at 16:13, Paul Wouters wrote:
> On Wed, 16 Sep 2020, Andrew Cagney wrote:
>
> > First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses
> the CKAID to directly locate the raw key in the NSS DB. To confirm it is
> > working, look in west.pluto.log for "CKAID".The use
On Wed, 16 Sep 2020, Andrew Cagney wrote:
First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses the CKAID to
directly locate the raw key in the NSS DB. To confirm it is
working, look in west.pluto.log for "CKAID".The use case for this test is
pretty easy:- generate the raw key
-
On Thu, 17 Sep 2020, Andrew Cagney wrote:
Currently the code just warns when trying to add a connection with no private
key. Instead much much later - during the auth exchange - the
code tries to find the private key.
Presumably this is because the end may not need the private key.
Yes.
recent xfrmi changes
https://github.com/libreswan/libreswan/commit/78253c41f6200f2f505e14775cdbaca3b40ae5c8
has a few conflicts with xfrmi fixes I was working on, and discused here on
swan-dev. I am not able to follow up the code churn and things going too
fast, may be there is pressure of
On Thu, 17 Sep 2020 at 12:42, Antony Antony wrote:
> On Wed, Sep 16, 2020 at 10:35:07PM -0400, Andrew Cagney wrote:
> > First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses
> the CKAID to
> > directly locate the raw key in the NSS DB. To confirm it is working,
> look in
> >
On Wed, Sep 16, 2020 at 10:35:07PM -0400, Andrew Cagney wrote:
> First, I believe ikev2-03-basic-rawrsa-ckaid is fixed. It uses the CKAID to
> directly locate the raw key in the NSS DB. To confirm it is working, look in
> west.pluto.log for "CKAID".
add an empty file ipsec.secrets in the test
Currently the code just warns when trying to add a connection with no
private key. Instead much much later - during the auth exchange - the
code tries to find the private key.
Presumably this is because the end may not need the private key.
I'm wondering if there's enough information available