Google Git
Sign in
chromium / chromiumos / overlays / chromiumos-overlay / 1606e9472300eb429f63fe17af377c61636042f3
commit1606e9472300eb429f63fe17af377c61636042f3[log] [tgz]
authorPaul Stewart <pstew@chromium.org>Fri Mar 21 20:52:23 2014
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Mon Mar 31 22:42:01 2014
tree161d346b8f3fb1622bada93aec78c364ef9279b0
parent151bc423ace00d3a83d7848312ef8f16e48c0d5d [diff]
strongSwan: Be lenient about downstream encryption

strongSwan has an "encryption" flag for each payload type.
It uses this flag both to signal whether it should encrypt
these payloads and whether to accept such payloads in an
unencrypted form.  Some VPN endpoints do not encrypt their
ID_V1 and HASH_V1 during ID_PROT during an XAUTH
authentication flow.  This doesn't expose a lot of
information and does not induce the client to expose
anything either.  This CL whitelists these specific payloads
from being rejected if they are not encrypted, but preserves
the client behavior of encrypting these payloads when they
are sent.

BUG=chromium:334620,chromium:267647
TEST=Perform XAUTH based L2TP/IPSec with a SonicWall
network_VPNConnect.l2tpipsec_cert
network_VPNConnect.l2tpipsec_psk
network_VPNConnect.l2tpipsec_xauth

Change-Id: Ie06ea3ca90dca96abf8451160c08736af17f0c41
Reviewed-on: https://chromium-review.googlesource.com/191108
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Paul Stewart <pstew@chromium.org>
Commit-Queue: Paul Stewart <pstew@chromium.org>
3 files changed
tree: 161d346b8f3fb1622bada93aec78c364ef9279b0
  1. app-accessibility/
  2. app-admin/
  3. app-benchmarks/
  4. app-crypt/
  5. app-editors/
  6. app-emulation/
  7. app-i18n/
  8. app-laptop/
  9. app-misc/
  10. app-portage/
  11. chromeos/
  12. chromeos-base/
  13. dev-cpp/
  14. dev-db/
  15. dev-embedded/
  16. dev-java/
  17. dev-lang/
  18. dev-libs/
  19. dev-python/
  20. dev-util/
  21. dev-vcs/
  22. eclass/
  23. licenses/
  24. media-fonts/
  25. media-gfx/
  26. media-libs/
  27. media-plugins/
  28. media-sound/
  29. metadata/
  30. net-analyzer/
  31. net-dialup/
  32. net-dns/
  33. net-firewall/
  34. net-fs/
  35. net-libs/
  36. net-misc/
  37. net-wireless/
  38. profiles/
  39. sys-apps/
  40. sys-auth/
  41. sys-block/
  42. sys-boot/
  43. sys-devel/
  44. sys-fs/
  45. sys-kernel/
  46. sys-libs/
  47. sys-power/
  48. sys-process/
  49. virtual/
  50. www-apache/
  51. x11-apps/
  52. x11-base/
  53. x11-drivers/
  54. x11-libs/
  55. x11-misc/
  56. x11-proto/
  57. x11-terms/
  58. .gitignore
  59. inherit-review-settings-ok
  60. PRESUBMIT.py
  61. ROOT_PRESUBMIT.py
  62. WATCHLISTS