git.ipfire.org Git - thirdparty/strongswan.git/commit
ike: Optionally allow private algorithms for IKE/CHILD_SAs
author: Thomas Egerer <thomas.egerer@secunet.com>
Thu, 12 Sep 2019 14:58:46 +0000 (16:58 +0200)
committer: Tobias Brunner <tobias@strongswan.org>
Fri, 6 Mar 2020 10:15:15 +0000 (11:15 +0100)
commit: 05e373aeb02f339cb2ae11f611904302ff0a9351
tree: 6d9ccd790dd9aff7f5381d9dd2834e0a62db6224
parent: 61769fd1e31b49f451dda33a36c7d5cf639698b5

Charon refuses to make use of algorithm IDs from the private space
for unknown peer implementations [1]. If you choose to ignore and violate
that section of the RFC since you *know* your peers *must* support those
private IDs, there's no way to disable that behavior.

With this commit a strongswan.conf option is introduced which allows
deliberately ignoring parts of section 3.12 from the standard.

[1] http://tools.ietf.org/html/rfc7296#section-3.12

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
conf/options/charon.opt
src/libcharon/sa/ikev1/tasks/main_mode.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/ikev2/tasks/ike_auth.c
src/libcharon/sa/ikev2/tasks/ike_init.c