CVSROOT: /cvs Module name: src Changes by: to...@cvs.openbsd.org 2020/09/16 15:21:23
Modified files:
sbin/iked : parse.y
Log message:
Fix EAP authentication if the initiator sends no certificate
request. The locally configured request is used as fallback to find a
certificate or key to send. The local auth method for MSCHAP-V2 should
be IKEV2_AUTH_SIG_ANY, which defaults to X509 certificates, instead of
raw rsa keys.
Tested with Strongswan, iPhone and Windows
Found by and ok sthen@
ok patrick@
