ikev2: add hint to the log when IDs do not match

author Filip Tehlar <ftehlar@cisco.com>

Tue, 26 Jan 2021 22:06:48 +0000 (22:06 +0000)

committer Beno�t Ganne <bganne@cisco.com>

Thu, 4 Feb 2021 18:12:13 +0000 (18:12 +0000)
author Filip Tehlar <ftehlar@cisco.com>
Tue, 26 Jan 2021 22:06:48 +0000 (22:06 +0000)
committer Beno�t Ganne <bganne@cisco.com>
Thu, 4 Feb 2021 18:12:13 +0000 (18:12 +0000)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c

index 8bb3277..0236764 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1666,7 +1666,11 @@ ikev2_sa_auth (ikev2_sa_t * sa)
              sel_p = p;
              break;
            }
-
+       else
+         {
+           ikev2_elog_uint (IKEV2_LOG_ERROR, "shared key mismatch! ispi %lx",
+                            sa->ispi);
+         }
        }
      else if (sa_auth->method == IKEV2_AUTH_METHOD_RSA_SIG)
        {
@@ -1679,6 +1683,11 @@ ikev2_sa_auth (ikev2_sa_t * sa)
              sel_p = p;
              break;
            }
+       else
+         {
+           ikev2_elog_uint (IKEV2_LOG_ERROR,
+                            "cert verification failed! ispi %lx", sa->ispi);
+         }
        }
  
      vec_free(auth);
author	Filip Tehlar <ftehlar@cisco.com>
	Tue, 26 Jan 2021 22:06:48 +0000 (22:06 +0000)
committer	Beno�t Ganne <bganne@cisco.com>
	Thu, 4 Feb 2021 18:12:13 +0000 (18:12 +0000)