Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon When encountering a certi...



details:   https://anonhg.NetBSD.org/src/rev/112059144b1e
branches:  trunk
changeset: 759781:112059144b1e
user:      gdt <gdt%NetBSD.org@localhost>
date:      Thu Dec 16 16:59:05 2010 +0000

description:
When encountering a certificate where "ID mismatched with ASN1
SubjectName", and verify_identifier is off, don't raise an error.
This makes the behavior match the man page.

Patch sent for review long ago:
  http://mail-index.netbsd.org/tech-security/2006/03/24/0000.html
with no negative feedback received to date.

diffstat:

 crypto/dist/ipsec-tools/src/racoon/oakley.c |  8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diffs (29 lines):

diff -r 98712da24da0 -r 112059144b1e crypto/dist/ipsec-tools/src/racoon/oakley.c
--- a/crypto/dist/ipsec-tools/src/racoon/oakley.c       Thu Dec 16 16:08:57 2010 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/oakley.c       Thu Dec 16 16:59:05 2010 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: oakley.c,v 1.17 2009/08/24 09:33:03 vanhu Exp $        */
+/*     $NetBSD: oakley.c,v 1.18 2010/12/16 16:59:05 gdt Exp $  */
 
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
 
@@ -1817,7 +1817,8 @@
                                "ID mismatched with ASN1 SubjectName.\n");
                        plogdump(LLV_DEBUG, id_b + 1, idlen);
                        plogdump(LLV_DEBUG, name->v, idlen);
-                       return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+                       if (iph1->rmconf->verify_identifier)
+                               return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
                }
                return 0;
        case IPSECDOI_ID_IPV4_ADDR:
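Review bot: When verify_identifier is off, the mismatch branch now falls through to `return 0` after emitting the same "ID mismatched with ASN1 SubjectName." message that precedes a rejection, so someone reading the log cannot tell a tolerated mismatch from a refused one. An `else` arm that records the decision would fix this, e.g. `else plog(LLV_WARNING, LOCATION, NULL, "ID mismatch ignored: verify_identifier is off.\n");`, together with a comment such as `/* verify_identifier off: peer ID is not bound to the certificate; log and accept */`. The same applies to the subjectAltName branch in the next hunk. The existing plog call's level and the rest of the function lie outside the hunk, so it should be confirmed that the current message is visible at default log levels.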
@@ -1889,7 +1890,8 @@
                                "ID mismatched with subjectAltName.\n");
                        plogdump(LLV_DEBUG, id_b + 1, idlen);
                        plogdump(LLV_DEBUG, a, idlen);
-                       return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+                       if (iph1->rmconf->verify_identifier)
+                               return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
                }
                return 0;
        }


