From: Timo T. <tim...@ik...> - 2012-08-29 11:25:10
|
On Mon, 27 Aug 2012 14:22:09 +0200 Roman Hoog Antink <rh...@op...> wrote: > On 24.08.2012 11:02, Timo Teras wrote: > > On Thu, 23 Aug 2012 14:50:20 +0200 Roman Hoog Antink <rh...@op...> > > wrote: > > > >> Undecided issue about useless no-certificate warnings when using > >> RSA keys: > >> http://marc.info/?l=ipsec-tools-devel&m=130068991507168&w=2 > > > > Well - just before the verify_cert test, we have a big honking > > switch for the certtype. Maybe in the ISAKMP_CERT_PLAINRSA case > > (possibly also checking that we are not in hybrid mode) we just set > > a local variable "no_verify_needed" and in that case inhibit the > > warning. > > Find attached my revised patch regarding unnecessary warnings "CERT > validation disabled by configuration". I added the hybrid exception > check only for the case block, that actually contains the > ISAKMP_CERT_PLAINRSA nested case, not for the remaining hybrid modes. > > The values of no_verify_needed mean: > > -1: initial value; don't suppress warning > 0: hybrid mode potentially using plainRSA; don't suppress warning > 1: plainRSA but no hybrid mode; suppress warning Applied to CVS HEAD, and 0_8-stable branch. Thanks. |