<html><body>
<p><tt>On Fri, 12 Mar 2004, Mathieu Lafon wrote:<br>
</tt><br>
<tt>> I've made a patch to suppress one of pluto's current limitations: allow<br>
> usage of both PSK and RSA authentication for roadwarriors.<br>
><br>
> Comments are appreciated.<br>
> <br>
> Patch is against Openswan 1.0.0 and is available at<br>
> <a href="http://open-source.arkoon.net/openswan.php">http://open-source.arkoon.net/openswan.php</a><br>
</tt><br>
<tt>Patch has been updated to include a fix when an SPI is included in</tt><br>
<tt>ISAKMP Proposal (SSH Sentinel does that).</tt><br>
<br>
<tt>--</tt><br>
<br>
<tt>diff -ru openswan-1.0.0-psk-rsa/pluto/spdb.c openswan-1.0.0-psk-rsa-2/pluto/spdb.c</tt><br>
<tt>--- openswan-1.0.0-psk-rsa/pluto/spdb.c        Fri Mar 12 17:16:32 2004</tt><br>
<tt>+++ openswan-1.0.0-psk-rsa-2/pluto/spdb.c        Wed Mar 17 17:44:16 2004</tt><br>
<tt>@@ -832,6 +832,17 @@</tt><br>
<tt> if (!in_struct(&proposal, &isakmp_proposal_desc, sa_pbs, &proposal_pbs))</tt><br>
<tt>         return LEMPTY;</tt><br>
<tt> </tt><br>
<tt>+ if (proposal.isap_spisize > MAX_ISAKMP_SPI_SIZE)</tt><br>
<tt>+        return LEMPTY;</tt><br>
<tt>+</tt><br>
<tt>+ if (proposal.isap_spisize > 0)</tt><br>
<tt>+ {</tt><br>
<tt>+        u_char junk_spi[MAX_ISAKMP_SPI_SIZE];</tt><br>
<tt>+</tt><br>
<tt>+        if (!in_raw(junk_spi, proposal.isap_spisize, &proposal_pbs, "Oakley SPI"))</tt><br>
<tt>+         return LEMPTY;</tt><br>
<tt>+ }</tt><br>
<tt>+</tt><br>
<tt> trans_left = proposal.isap_notrans;</tt><br>
<tt> while (trans_left--) {</tt><br>
<tt>         if (!in_struct(&trans, &isakmp_isakmp_transform_desc, &proposal_pbs,</tt><br>
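<br>
<tt>Review bot: The early return taken when proposal.isap_spisize exceeds MAX_ISAKMP_SPI_SIZE is silent: the added lines emit no diagnostic, so an operator cannot tell from this code path why a peer's proposal was dropped. Consider logging the offending SPI size before returning LEMPTY. The order of the two checks is also what keeps the peer-supplied length within junk_spi[MAX_ISAKMP_SPI_SIZE] when in_raw is handed that buffer and that length. A short comment stating that the bound check must stay ahead of the read, and that the SPI is deliberately read and discarded, would protect this against later reordering.</tt><br>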
<br>
<br>
<tt>-- </tt><br>
<tt>Mathieu Lafon - Arkoon Network Security</tt></body></html>