diff options
| author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2007-02-19 09:00:47 +0000 |
|---|---|---|
| committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2007-02-19 09:00:47 +0000 |
| commit | 9c0feff58d2d9b693b0fd27d8c6f470f752626f0 (patch) | |
| tree | 2ea41fb52ab185138a272c8f931b273ee0cb56ae /sbin/ipsecctl/parse.y | |
| parent | 435fe6f49a52da02ed19bf951a7f2a8f0492b706 (diff) | |
Bits for ESP+NULL encryption. This is useful, when AH can not be
used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk
at gmail.com>, thanks!
ok markus@
Diffstat (limited to 'sbin/ipsecctl/parse.y')
| -rw-r--r-- | sbin/ipsecctl/parse.y | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index c15d9a07a13..af15c94214f 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.119 2007/02/19 08:29:30 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.120 2007/02/19 09:00:46 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -1991,11 +1991,11 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs, return (0); } if (xfs && xfs->authxf) { - if (!authkey) { + if (!authkey && xfs->authxf != &authxfs[AUTHXF_NONE]) { yyerror("no authentication key specified"); return (0); } - if (authkey->len != xfs->authxf->keymin) { + if (authkey && authkey->len != xfs->authxf->keymin) { yyerror("wrong authentication key length, needs to be " "%d bits", xfs->authxf->keymin * 8); return (0); |