**charon-cmd** instead of **charon**). For many options defaults can be
defined in the **libstrongswan** section.
+charon.accept_private_algs = no
+ Deliberately violate the IKE standard's requirement and allow the use of
+ private algorithm identifiers, even if the peer implementation is unknown.
+
charon.accept_unencrypted_mainmode_messages = no
Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
}
list = sa_payload->get_proposals(sa_payload);
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+ && !lib->settings->get_bool(lib->settings,
+ "%s.accept_private_algs", FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}
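Review bot: The lookup `lib->settings->get_bool(lib->settings, "%s.accept_private_algs", FALSE, lib->ns)` is copied verbatim into this condition and into the six later hunks that gate `PROPOSAL_SKIP_PRIVATE` or set `private`. The two line-wrapping styles already differ, with a leading `&&` here and a trailing `&&` further down. A single small static helper that returns "peer supports EXT_STRONGSWAN or the override is set" would keep the seven call sites from drifting apart. The key is read from the global `lib->ns` namespace, so enabling it lifts the filter for every peer rather than for one connection. That deserves a comment at the check, for example `/* private-use transform IDs are only unambiguous between strongSwan peers; accept_private_algs overrides this for all peers */`. The enclosing function starts and ends outside the hunk.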
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
list = sa_payload->get_proposals(sa_payload);
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+ && !lib->settings->get_bool(lib->settings,
+ "%s.accept_private_algs", FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}
DESTROY_IF(list);
list = sa_payload->get_proposals(sa_payload);
}
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+ && !lib->settings->get_bool(lib->settings,
+ "%s.accept_private_algs", FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}
DESTROY_IF(list);
list = sa_payload->get_proposals(sa_payload);
}
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+ && !lib->settings->get_bool(lib->settings,
+ "%s.accept_private_algs", FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}
{
flags |= PROPOSAL_SKIP_DH;
}
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN) &&
+ !lib->settings->get_bool(lib->settings, "%s.accept_private_algs",
+ FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
ike_proposal = this->ike_sa->get_proposal(this->ike_sa);
- private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
+ private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN) ||
+ lib->settings->get_bool(lib->settings, "%s.accept_private_algs",
+ FALSE, lib->ns);
DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
me, my_id, other, other_id);
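Review bot: After this change `private` can be true for a peer that never announced `EXT_STRONGSWAN`, and nothing in the visible lines records that the override was what allowed it. Since the option is documented as a deliberate standards violation, an operator reading the log should be able to tell which negotiations relied on it. One way is to log once when the extension is absent and the setting is on, for example `DBG1(DBG_CFG, "accepting private algorithms from peer without strongSwan vendor ID");`. The rest of the function, including where `private` is consumed, lies outside the hunk.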
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
proposal_list = sa_payload->get_proposals(sa_payload);
- if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN) &&
+ !lib->settings->get_bool(lib->settings, "%s.accept_private_algs",
+ FALSE, lib->ns))
{
flags |= PROPOSAL_SKIP_PRIVATE;
}