On Tue, Jun 29, 2021 at 10:39:06AM +0000, Claudia Priesterjahn wrote:
> We added two AUTHENTICATION_FAILED notifications for the cases that
> the peer used an unexpected authentication method and for the case
> that the peer's authentication data is not accessible.

Bit of a spacing issue, but that can be fixed prior to commit. I'd also drop the comments, since the function call seems self explanatory. With that changed, ok patrick@. > diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c > index 9e890979110..1870dc18459 100644 > --- a/sbin/iked/ikev2.c > +++ b/sbin/iked/ikev2.c > @@ -805,6 +805,8 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa) > ikev2_auth_map), > print_map(ikeauth.auth_method, > ikev2_auth_map)); > + /* send N(AUTHENTICATION_FAILED) back */ > + ikev2_send_auth_failed(env, sa); > return (-1); > } > ikeauth.auth_method = sa->sa_peerauth.id_type; > @@ -813,6 +815,8 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa) > sa->sa_hdr.sh_initiator)) == NULL) { > log_debug("%s: failed to get auth data", > __func__); > + /* send N(AUTHENTICATION_FAILED) back */ > + ikev2_send_auth_failed(env, sa); > return (-1); > } >
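
Review bot: In the first hunk (the auth-method mismatch branch of ikev2_auth_verify()), ikev2_send_auth_failed(env, sa) is called and its result, if it has one, is discarded before return (-1). The visible lines do not show what the helper does to sa, so please confirm that it leaves sa valid for the caller that receives the -1, and that the caller does not itself send a second notification on this error path. The added comment /* send N(AUTHENTICATION_FAILED) back */ only restates the function name and can be dropped.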
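
Review bot: In the second hunk (the "failed to get auth data" branch), the failure now produces a notification to the peer, but the only local record is a log_debug() line. Consider logging this at a level that is visible in normal operation, so that an AUTHENTICATION_FAILED sent to a peer can be matched to its cause on the responder side. As in the first hunk, the comment above ikev2_send_auth_failed(env, sa) duplicates what the call already says.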