[Openswan dev] IKEv2 with missing auth payload causes ASSERTION FAILED at programs/pluto/state.c:298: *p == st
Paul Wouters
paul at xelerance.com
Wed Jan 27 15:17:11 EST 2010
I just got a report of a crasher in the ikev2 code when no auth payload is present:
In ikev2_parent.c ikev2_parent_inI2outR2_tail() we check for the auth payload:
/* process AUTH payload */
if(!md->chain[ISAKMP_NEXT_v2AUTH]) {
openswan_log("no authentication payload found");
return STF_FAIL;
}
If not found, we return STF_FAIL. However, we somehow end up in state.c rehash_state()
where we hit:
/* unlink from forward chain */
passert(*p == st);
*p = st->st_hashchain_next;
I don't have a stack trace (yet), so I'm not sure yet what is going on. The two events
could be unrelated, though I don't think they are as they happened within the same second.
The cause here is that we received a cert without having the CAcert that signed it.
Paul
More information about the Dev
mailing list