[Openswan dev] Interop Bug: Windows XP + Openswan 2.1.2_20040427

Matthew Callaway matt-openswan-dev at kindjal.net
Fri Apr 30 07:34:41 CEST 2004


Michael,

We spoke briefly about this on IRC.  I apologize if my bug report was a
little verbose.  I understand that the code in CVS HEAD fails some
regression tests at this time.  I don't expect everything to work.  I
just wanted to add this information, in case it's useful.

Below is the new code that relates to sending a certificate "if asked",
that appears to break XP interoperability.  I believe it appears twice
in ipsec_doi.c.

I'll leave this issue alone until another release candidate appears that
passes all the regression tests.  I'll check it against XP at that time
and let you know if there is still a problem.

Thanks,

Matt


programs/pluto/ipsec_doi.c
[snip]
+    if(requested_ca != NULL)
+    {
+	st->hidden_variables.st_got_certrequest = TRUE;
+    }
+
+    /*
+     * send certificate if we have one and auth is RSA, and we were
+     * told we can send one if asked, and we were asked, or we were told
+     * to always send one.
+     */
+    send_cert = st->st_oakley.auth == OAKLEY_RSA_SIG
+	&& mycert.type != CERT_NONE
+	&& ((st->st_connection->spd.this.sendcert == cert_sendifasked
+	     && st->hidden_variables.st_got_certrequest)
+	    || st->st_connection->spd.this.sendcert==cert_alwayssend);
+
+    doi_log_cert_thinking(md
+			  , st->st_oakley.auth
+			  , mycert.type
+			  , st->st_connection->spd.this.sendcert
+			  , st->hidden_variables.st_got_certrequest 
+			  , send_cert);
+		  
+    /* send certificate request, if we don't have a preloaded RSA public key */
+    send_cr = !no_cr_send && send_cert && !has_preloaded_public_key(st);
+
+    DBG(DBG_CONTROL
+	, DBG_log(" I am %ssending a certificate request"
+		  , send_cr ? "" : "not "));
+		  
+    /*
+     * free collected certificate requests since as initiator
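Review bot: send_cr is gated on send_cert, so in cert_sendifasked mode a peer that has not yet sent a certificate request (st_got_certrequest still FALSE) makes this side send neither a certificate nor a certificate request; if the peer applies the same "only if asked" rule, both sides wait to be asked and no certificate is ever exchanged, which would explain the XP interop report above. Consider deriving send_cr from the auth method and the preloaded-key check alone rather than from send_cert, e.g. `send_cr = !no_cr_send && st->st_oakley.auth == OAKLEY_RSA_SIG && !has_preloaded_public_key(st);`, so a certificate request still goes out when we need the peer's certificate even though we are not sending our own. Also, st_got_certrequest is only ever set to TRUE in this hunk; make sure it is initialised to FALSE when the state is created so a stale value does not carry over between exchanges.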
[snip]