
List:       strongswan-announce
Subject:    Re: [strongSwan-dev] authorize hook on IKE auth
From:       Emeric POUPON <emeric.poupon () stormshield ! eu>
Date:       2017-08-21 11:34:47
Message-ID: 1944819363.3275213.1503315287897.JavaMail.zimbra () stormshield ! eu


> Hi Martin
> 
>>> The authorize hook is called before the auth config is applied to the
>>> current IKE SA.
>> 
>> This is intended. apply_auth_cfg() copies the currently active
>> authentication round to the list of completed authentication rounds.
>> 
>> In your authorize hook, you can use ike_sa_t.get_auth_cfg() to get the
>> current authentication round data; after apply_auth_cfg() that object
>> is placed into the rounds completed. You can enumerate all completed
>> rounds using ike_sa_t.create_auth_cfg_enumerator().
>> 
> 
> Thanks for your answer.
> It seems to work fine using IKEv2 with PSK and PKI configs.
> 
> However, it does not seem to work the same way with IKEv1 configs.
> During the hook, there is no active authentication round data, but it is set in
> the list of completed rounds.
> 
> Is that normal behavior?
> 
> Regards,

No thoughts on this?

Emeric