[strongSwan-dev] [PATCH] XAUTH workaround for Android 4
Tobias Brunner
tobias at strongswan.org
Tue Apr 24 09:43:40 CEST 2012
Hi Gerd,

> So I created the attached patch with a workaround for Android:
> strongswan then accepts one extra null byte at the end of the secret.

Thanks for the patch. I pushed an equivalent but slightly modified fix
to master (see [1]).

> I don't think this weakens security as no sane configuration would allow a
> null byte in a password.

Yeah, probably not. So this could theoretically also be fixed directly
when reading the XAuth password from the payload. But that would break
if someone already configured secrets with null-bytes at the end.

> <rant>Why in hell did stupid Google choose a buggy patched racoon over
> strongswan? They could have had IKEv2, a working MOBIKE implementation,
> EAP-AKA,...</rant>

Could be a licensing thing (see [2]). IPsec-Tools (racoon) is licensed
under a more permissive BSD license.

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7d85bebc
[2] http://source.android.com/source/licenses.html
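
The two options weighed in the message above, as an added example that is not part of the original e-mail and is not strongSwan's code: tolerating one extra trailing null byte at comparison time versus stripping it while reading the payload. The function names and sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constant-time comparison of two equal-length buffers (hypothetical helper). */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t len)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Compare-time workaround: accept an exact match, or the received value
 * with exactly one extra trailing NUL byte. Configured secrets are untouched. */
int xauth_match_tolerant(const unsigned char *recv, size_t recv_len,
                         const unsigned char *conf, size_t conf_len)
{
    if (recv_len == conf_len)
        return ct_equal(recv, conf, conf_len);
    if (recv_len == conf_len + 1 && recv[recv_len - 1] == 0)
        return ct_equal(recv, conf, conf_len);
    return 0;
}

/* Alternative: strip one trailing NUL while reading the payload, then
 * require an exact match. */
int xauth_match_strip_on_read(const unsigned char *recv, size_t recv_len,
                              const unsigned char *conf, size_t conf_len)
{
    if (recv_len > 0 && recv[recv_len - 1] == 0)
        recv_len--;
    return recv_len == conf_len && ct_equal(recv, conf, conf_len);
}

int main(void)
{
    /* Constructed sample values, lengths given explicitly. */
    const unsigned char *plain = (const unsigned char *)"secret";      /* 6 */
    const unsigned char *padded = (const unsigned char *)"secret\0";   /* 7 */

    printf("client pads, secret plain:  tolerant=%d strip=%d\n",
           xauth_match_tolerant(padded, 7, plain, 6),
           xauth_match_strip_on_read(padded, 7, plain, 6));
    printf("client pads, secret padded: tolerant=%d strip=%d\n",
           xauth_match_tolerant(padded, 7, padded, 7),
           xauth_match_strip_on_read(padded, 7, padded, 7));
    return 0;
}
```

The second line of output is the breakage case: a secret that was configured with a trailing null byte still matches under the compare-time check but no longer matches once the payload is stripped on read.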