A wrong variable is used (route instead of best), so much that the
returned interface belongs to the last seen route instead of the best
choice route.
get_route() may therefore return mismatching interface and gateway.
Fixes: 66e9165bc6 ("kernel-netlink: Return outbound interface in get_nexthop()")
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
So far every "newer" CRL (higher serial or by date) replaced an existing
"older" CRL. This meant that delta CRLs replaced an existing base CRL
and that base CRLs weren't added if a delta CRL was already stored. So
the base had to be re-fetched every time after a delta CRL was added.
With this change one delta CRL to the latest base may be stored. A newer
delta CRL will replace an existing delta CRL (but not its base, older
base CRLs are removed, though). And a newer base will replace the existing
base and optional delta CRL.
This was added a few years ago because pki --signcrl once encoded serials
incorrectly as eight byte blobs. But still ensure we have can handle
overflows in case the serial is encoded incorrectly without zero-prefix.
BoringSSL only supports a limited list of (hard-coded) algorithms via
EVP_get_cipherbyname(), which does not include AES-GCM. While BoringSSL
deprecated these functions they are also supported by OpenSSL (in BoringSSL
a completely new interface for AEADs was added, which OpenSSL currently does
not support).
In case of an empty LDAP result during a CRL fetch (for example, due to
a wrong filter attribute in the LDAP URI, or invalid LDAP configuration),
the call to ldap_result2error() with NULL value for "entry" lead to
a crash.
Closesstrongswan/strongswan#52.
Adds checks for proposals parsed from strings. For instance, the presence
of DH, PRF and encryption algorithms for IKE are now enforced and AEAD and
regular encryption algorithms are not allowed in the same proposal anymore.
Also fixed is the mapping of the aes*gmac keywords to an integrity algorithm
in AH proposals.
We parse aes*gmac as encryption algorithm, which we have to map to an
integrity algorithm. We also make sure we remove all other encryption
algorithms and ensure there is an integrity algorithm.
Adds the ability to parse KEY_ANY keys via the pkcs1 and openssl plugins.
This is then used in the pki utility, where private keys may now be
loaded via `priv` keyword instead of having to specify the type of the key
explicitly. And swanctl can load any type of key from the swanctl/private
directory.
If a responder is natted it will usually be a static NAT (unless it's a
mediated connection) in which case adding these notifies makes not much
sense (if the initiator's NAT mapping had changed the responder wouldn't
be able to reach it anyway). It's also problematic as some clients refuse
to respond to DPDs if they contain such notifies.
Fixes#2126.
charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate. In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID
of that certificate to find the corresponding private key.
It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.
Fixes#490.
Sends a DELETE when rekeyed IKE_SAs are deleted. This fixes issues with
peers (e.g. Cisco) that continue to send DPDs on the old SA and then
delete all SAs if no response is received. But since the DELETE could get
dropped this might not fix the issue in all cases.
Also, when terminating an IKE_SA DELETES for all CHILD_SAs are now sent
before sending one for the IKE_SA and destroying it.
Fixes#2090.
If we silently delete the IKE_SA the other peer might still use it even
if only to send DPDs. If we don't answer to DPDs that might result in the
deletion of the new IKE_SA too.
Andreas Steffen