CVSROOT:	/cvs
Module name:	src
Changes by:	to...@cvs.openbsd.org	2020/03/10 12:54:52

Modified files:
	sbin/iked      : iked.h ikev2.c policy.c

Log message:
Relookup policy based on received cryptographic parameter proposal.

The IKEv2 responder does not know which policy is negotiated until the
ID payload is received in the IKE_AUTH exchange. iked therefore chooses
a default policy until the final policy is selected.
This change adds a policy relookup during the IKE_SA_INIT.
If the received proposal is not compatible with the default policy
we switch to the next highest ranked policy that is compatible with
the received proposal.

ok kn@ markus@
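
A simplified model of the relookup described in the log message, added here as an illustration and not taken from sbin/iked. The bitmask representation of a proposal, the struct layout, the sample policies and all function names are assumptions.

```c
/* Added illustration: simplified model, not code from sbin/iked. */
#include <stddef.h>
#include <stdio.h>

enum { T_ENCR, T_PRF, T_INTEG, T_DH, T_MAX };	/* transform types */

/* Hypothetical: one bitmask of transform IDs per transform type. */
struct xforms { unsigned mask[T_MAX]; };
struct policy { const char *name; struct xforms accept; };

/* Constructed sample policies, sorted by rank (index 0 = default). */
static const struct policy sample[] = {
	{ "default", {{ 2, 2, 2, 2 }} },
	{ "legacy",  {{ 1, 1, 1, 1 }} },
	{ "mixed",   {{ 3, 3, 3, 1 }} },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Compatible: every transform type has at least one ID in common. */
static int
proposal_compatible(const struct policy *p, const struct xforms *rx)
{
	for (int t = 0; t < T_MAX; t++)
		if ((p->accept.mask[t] & rx->mask[t]) == 0)
			return 0;
	return 1;
}

/* Keep policy `cur` if it fits the received proposal; otherwise take the
 * next highest ranked compatible policy. Returns its index, or -1. */
int
policy_relookup(const struct policy *pol, size_t n, size_t cur,
    const struct xforms *rx)
{
	for (size_t i = cur; i < n; i++)
		if (proposal_compatible(&pol[i], rx))
			return (int)i;
	return -1;	/* responder has nothing acceptable to offer */
}

/* Relookup against the sample table, starting from the default policy. */
int
relookup_for(unsigned encr, unsigned prf, unsigned integ, unsigned dh)
{
	struct xforms rx = {{ encr, prf, integ, dh }};
	return policy_relookup(sample, NSAMPLE, 0, &rx);
}

int main(void) { printf("%d\n", relookup_for(2, 2, 2, 1)); return 0; }
```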