do not send certificate requests in EAP-ONLY scenarios

2025-10-06 00:00:47 -04:00 · 2010-10-14 21:10:03 +02:00 · 2010-10-14 21:10:03 +02:00 · 8d01a80819
commit 8d01a80819
parent 260d056170
6 changed files with 6 additions and 2 deletions
--- a/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
@ -6,7 +6,7 @@ dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES
 dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES                
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES 
 moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
--- a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
@ -18,5 +18,6 @@ conn home
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightsendcert=never
 	rightsubnet=10.1.0.0/16
 	auto=add
--- a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
@ -18,5 +18,6 @@ conn home
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightsendcert=never
 	rightsubnet=10.1.0.0/16
 	auto=add
--- a/testing/tests/ikev2/rw-eap-tnc/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc/evaltest.dat
@ -7,7 +7,7 @@ dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::
 dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES              
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
--- a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
@ -18,5 +18,6 @@ conn home
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightsendcert=never
 	rightsubnet=10.1.0.0/16
 	auto=add
--- a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf
@ -18,5 +18,6 @@ conn home
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightsendcert=never
 	rightsubnet=10.1.0.0/16
 	auto=add