[Openswan dev] Pluto esp transform selection behaviour

Michael Richardson mcr at xelerance.com
Wed Apr 25 08:53:51 EDT 2007



>>>>> "Frank" == Frank Schmirler <osdev at schmirler.de> writes:
    Frank> Hi,

    Frank> is there a reason why pluto checks only the first esp
    Frank> transform it receives when configured in strict mode
    Frank> (i.e. esp= given in config)? This leads to inconsistent
    Frank> behaviour:

  Can you provide a test case that explains the problem, which fails
with the code as it is, and succeeds with your patch?
  Please see testing/pluto/basic-pluto-XX

    Frank> Let's assume A is forced to 3des only. If initiator B
    Frank> proposes aes as first transform and 3des as second one, the
    Frank> connection will fail. If B proposes 3des first and then aes,
    Frank> everything's fine.

  I thought we had a test case for this already.

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
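
A simplified model of the ordering dependence described in the quoted report, added here as an example; it is not Openswan code and does not come from either poster. The enum values, struct and function names are hypothetical, and the offers are constructed sample data.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed identifiers for this model (not Openswan's constants). */
enum esp_alg { ESP_3DES, ESP_AES };

/* Strict-mode policy of responder A: the algorithms listed in esp=. */
struct policy { const enum esp_alg *algs; size_t n; };

static int policy_permits(const struct policy *p, enum esp_alg a)
{
    for (size_t i = 0; i < p->n; i++)
        if (p->algs[i] == a)
            return 1;
    return 0;
}

/* Behaviour described in the thread: only the first offered transform is
 * checked. Returns the index of the chosen transform, or -1 to reject. */
int select_first_only(const struct policy *p, const enum esp_alg *offer, size_t n)
{
    return (n > 0 && policy_permits(p, offer[0])) ? 0 : -1;
}

/* Order-independent alternative: walk the offer in the initiator's
 * preference order and take the first transform the policy permits. */
int select_scan_all(const struct policy *p, const enum esp_alg *offer, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (policy_permits(p, offer[i]))
            return (int)i;
    return -1;
}

/* Constructed sample data: A is forced to 3des; B offers both orders. */
static const enum esp_alg a_algs[] = { ESP_3DES };
const struct policy policy_a = { a_algs, 1 };
const enum esp_alg offer_aes_first[]  = { ESP_AES, ESP_3DES };
const enum esp_alg offer_3des_first[] = { ESP_3DES, ESP_AES };

int main(void)
{
    printf("first-only aes,3des: %d\n", select_first_only(&policy_a, offer_aes_first, 2));
    printf("first-only 3des,aes: %d\n", select_first_only(&policy_a, offer_3des_first, 2));
    printf("scan-all   aes,3des: %d\n", select_scan_all(&policy_a, offer_aes_first, 2));
    printf("scan-all   3des,aes: %d\n", select_scan_all(&policy_a, offer_3des_first, 2));
    return 0;
}
```

In both functions the strict policy still rejects an offer that contains no permitted algorithm; only the handling of a permitted algorithm in a later position differs.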



