CVSROOT: /cvs Module name: src Changes by: to...@cvs.openbsd.org 2020/03/24 12:50:18
Modified files: sbin/iked : ikev2.c Log message: The certreq payload has no use in PSK authenticated exchanges. Once we are sure the policy uses PSK we can safely ignore it. The initiator always knows what authentication method will be used, the responder knows after the policy relookup with the initiator's ID. The old behaviour broke interop with strongswan when PSK was used. ok markus@