[sr #107489] ipsec_ike_key created in wrong code path
Micah Anderson
INVALID.NOREPLY at gnu.org
Sat Oct 2 16:01:56 CEST 2010
Follow-up Comment #1, sr #107489 (project gnutls):
There is another issue with the ike patch that must be resolved:
according to http://tools.ietf.org/html/rfc4945#section-5.1.3.2:
*if* any KU is set,
*then* either digSig or nonRep *must* be set within that KU for all IKE
certs
this is currently not happening in the attached patches, so please hold off
on applying these until this has been adjusted.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107489>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list