while testing xfrmi Tuomo noticed reggression in connswitch code. We lookd further, and found the issue in test cases too, ikev2-connswitch-01. Using git bisect: # first bad commit: [c3ac240cb62e032b3efaebe8cfec79de5ed9ccf2] IKEv2: # !POLICY_ALLOW_NO_SAN was only checked on initiator, not responder
To test this, currently in master you should revert two commits in specific; to avoid git revert conflict. git revert 2517cc59f7b3ec69a8d9 git revert c3ac240cb62e0 I didn't yet figure out why c3ac240cb is necessary. So I am not reverting this commit in master yet. good testrun https://testing.libreswan.org/v3.28-1421-g8bf69bdfb3-master/ikev2-connswitch-01/OUTPUT/east.pluto.log.gz bad testrun https://testing.libreswan.org/v3.28-1503-gc97100f98a-master/ikev2-connswitch-01/OUTPUT/east.pluto.log.gz git bisect log git bisect start # good: [8bf69bdfb3f128d5cded4117778e8265ac5f6035] testing: remove 3 TESTLIST cases that were lost git bisect good 8bf69bdfb3f128d5cded4117778e8265ac5f6035 # bad: [c97100f98a59eb01e47101dc976fff46e1a74a55] testing: delete sanitizers/ip-xfrm-compress.sed, guest-ip-*.sed make it redundant git bisect bad c97100f98a59eb01e47101dc976fff46e1a74a55 # bad: [e9df225627874eb7d8f62d2718b69e5b3787225b] crypto: cleanup cert debug-log lines git bisect bad e9df225627874eb7d8f62d2718b69e5b3787225b # bad: [b96dd91b05cec7469f556b94fd2f7e0432a6c4ed] testing: added ikev2-x509-29-selfsigned git bisect bad b96dd91b05cec7469f556b94fd2f7e0432a6c4ed # good: [a08acd71f46ee6151249fb24439c2802f6d0c89b] testing: nsrun: suppress logging root's command to .bash_history git bisect good a08acd71f46ee6151249fb24439c2802f6d0c89b # bad: [6e5f0fa4c36379ed9201e2e6ac120cfcf3c113cf] testing: fixup ikev2-x509-01-nss-debug git bisect bad 6e5f0fa4c36379ed9201e2e6ac120cfcf3c113cf # bad: [c3ac240cb62e032b3efaebe8cfec79de5ed9ccf2] IKEv2: !POLICY_ALLOW_NO_SAN was only checked on initiator, not responder git bisect bad c3ac240cb62e032b3efaebe8cfec79de5ed9ccf2 # good: [b438a635f64ed532a867ff43d38ca6123d910ea2] testing: fixup ikev1-x509-20-id-any-responder git bisect good b438a635f64ed532a867ff43d38ca6123d910ea2 # first bad commit: [c3ac240cb62e032b3efaebe8cfec79de5ed9ccf2] IKEv2: # !POLICY_ALLOW_NO_SAN was only checked on initiator, not responder _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
