[Openswan dev] Multiple RW in Aggressive Mode with different PSK
hiren joshi
joshihirenn at gmail.com
Wed Jan 7 09:13:56 EST 2009
I tested it and it switches connections as needed.
A minor modification in the patch:
--- connections.c.orig 2008-12-30 18:42:26.000000000 +0530
+++ connections.c 2009-01-02 12:51:31.000000000 +0530
@@ -3785,7 +3785,7 @@ refine_host_connection(const struct stat
if (dpsk == NULL)
continue; /* no secret */
- if (psk != dpsk)
+ if (!aggrmode && psk != dpsk)
if (psk->len != dpsk->len
|| memcmp(psk->ptr, dpsk->ptr, psk->len) != 0)
continue; /* different secret */
Regards,
-hiren
> > Should I bypass the check for Aggressive mode?
> >
> > --- connections.c.orig 2008-12-30 18:42:26.000000000 +0530
> > +++ connections.c 2008-12-30 21:28:10.000000000 +0530
> > @@ -3785,7 +3785,7 @@ refine_host_connection(const struct stat
> > if (dpsk == NULL)
> > continue; /* no secret */
> >
> > - if (psk != dpsk)
> > + if (!(d->policy & POLICY_AGGRESSIVE) && psk != dpsk)
> > if (psk->len != dpsk->len
> > || memcmp(psk->ptr, dpsk->ptr, psk->len) != 0)
> > continue; /* different secret */
>
> That looks like a proper fix. Did you do any testing?
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20090107/774b5dc0/attachment.html
More information about the Dev
mailing list