[strongSwan-dev] [PATCH] XAUTH workaround for Android 4
tobias at strongswan.org
Tue Apr 24 09:43:40 CEST 2012
> So I created the attached patch with a workaround for Android:
> strongswan then accepts one extra null byte at the end of the secret.
Thanks for the patch. I pushed an equivalent but slightly modified fix
to master (see ).
> I don't think this weakens security as no sane configuration would allow a
> nullbyte in a password.
Yeah, probably not. So this could theoretically also be fixed directly
when reading the XAuth password from the payload. But that would break
if someone already configured secrets with null-bytes at the end.
> <rant>Why in hell did stupid Google chose a buggy patched racoon over
> strongswan? They could have had IKEv2, a working MOBIKE implementation, EAP-
Could be a licensing thing (see ). IPsec-Tools (racoon) is licensed
under a more permissive BSD license.
More information about the Dev