[sr #107489] ipsec_ike_key created in wrong code path

Micah Anderson INVALID.NOREPLY at gnu.org
Sat Oct 2 16:01:56 CEST 2010


Follow-up Comment #1, sr #107489 (project gnutls):

There is another issue with the ike patch that must be resolved:

according to http://tools.ietf.org/html/rfc4945#section-5.1.3.2: 

*if* any KU is set, 
*then* either digSig or nonRep *must* be set within that KU for all IKE
certs

this is currently not happening in the attached patches, so please hold off
on applying these until this has been adjusted.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107489>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





More information about the Gnutls-devel mailing list