CVSROOT: /cvs Module name: src Changes by: to...@cvs.openbsd.org 2020/03/24 12:50:18
Modified files:
sbin/iked : ikev2.c
Log message:
The certreq payload has no use in PSK authenticated exchanges. Once we are
sure the policy uses PSK we can safely ignore it.
The initiator always knows what authentication method will be used, the
responder knows after the policy relookup with the initiator's ID.
The old behaviour broke interop with strongswan when PSK was used.
ok markus@
