ikev2: if responder authentication fails, send AUTHENTICATION_FAILED
authorMartin Willi <martin@revosec.ch>
Fri, 17 May 2013 08:22:00 +0000 (10:22 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 11 Jun 2013 13:54:26 +0000 (15:54 +0200)
commiteaafcec190ff05fb59ca3e91ed9e4d01aa532b41
treef2275604d95b93e57904cb9c379082c79a01c59d
parent2788634c8cb68a02bf6729951a82fc14d2164a22
ikev2: if responder authentication fails, send AUTHENTICATION_FAILED

According to RFC 5996, we MAY send an INFORMATIONAL message having an
AUTHENTICATION_FAILED. We don't do any retransmits, though, but just close
the IKE_SA after one message has been sent, avoiding the danger that an
unauthenticated IKE_SA stays alive.
src/libcharon/sa/ikev2/tasks/ike_auth.c