Thanks again. The connections are all working.
On 4/20/17 8:54 PM, Igor V. Gubenko wrote: > Thank you, the patch appears to work. I haven't fully tested > connecting/establishing connections, so I'll send another update. > > Prior to the patch, iked also complained about lack of public keys for > PSK connections 1 and 2 (in /etc/iked/pubkeys/fqdn/) > It doesn't mind them being absent anymore though. > > - Igor > > On 4/20/17 5:44 PM, Reyk Floeter wrote: >> --- sbin/iked/parse.y 28 Mar 2017 16:56:39 -0000 1.64 >> +++ sbin/iked/parse.y 20 Apr 2017 21:40:14 -0000 >> @@ -1807,7 +1807,7 @@ set_policy(char *idstr, int type, struct >> { >> char keyfile[PATH_MAX]; >> const char *prefix = NULL; >> - EVP_PKEY *key; >> + EVP_PKEY *key = NULL; >> >> switch (type) { >> case IKEV2_ID_IPV4: >> @@ -1822,6 +1822,9 @@ set_policy(char *idstr, int type, struct >> case IKEV2_ID_UFQDN: >> prefix = "ufqdn"; >> break; >> + case IKEV2_ID_ASN1_DN: >> + /* public key authentication is not supported with ASN.1 IDs */ >> + goto done; >> default: >> /* Unspecified ID or public key not supported for this type */ >> log_debug("%s: unknown type = %d", __func__, type); >> @@ -1841,6 +1844,7 @@ set_policy(char *idstr, int type, struct >> keyfile); >> } >> >> + done: >> if (set_policy_auth_method(keyfile, key, pol) < 0) { >> EVP_PKEY_free(key); >> log_warnx("%s: failed to set policy auth method for %s",
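Review bot: the new `case IKEV2_ID_ASN1_DN:` path in the second hunk reaches `done:` with `keyfile` never written. It is declared as `char keyfile[PATH_MAX];` with no initializer, and the `switch` follows the declarations directly, so `goto done;` hands an uninitialised buffer to `set_policy_auth_method(keyfile, key, pol)`. The first hunk's `EVP_PKEY *key = NULL;` covers `key` on that path, including the `EVP_PKEY_free(key)` in the error branch, but nothing equivalent is done for `keyfile`. Suggest `keyfile[0] = '\0';` before the `switch`, or initialising the array at its declaration, so the callee and the "failed to set policy auth method for %s" warning never read stack garbage. The ASN.1 DN case also returns silently where the `default:` case calls `log_debug`; a debug line noting that the public key lookup was skipped for this ID type would make the behaviour Igor describes (no more complaints about missing files under /etc/iked/pubkeys/) easier to trace.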