Bug 712168

Summary: AH protocol broken with Openswan
Product: Red Hat Enterprise Linux 6 Reporter: Benjamin Kahn <bkahn>
Component: openswanAssignee: Avesh Agarwal <avagarwa>
Status: CLOSED ERRATA QA Contact: Aleš Mareček <amarecek>
Severity: medium Docs Contact:
Priority: urgent    
Version: 6.2CC: amarecek, avagarwa, ebenes, iboverma, jwest, pm-eus, sgrubb
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openswan-2_6_32-4_el6_1.1 Doc Type: Bug Fix
Doc Text:
Previously, Openswan failed to set up AH (Authentication Header) mode security associations (SAs). This was because Openswan was erroneously processing the AH mode as if it was the ESP (Ecrypted Secure Payload) mode, and was expecting an encryption key. This update fixes this issue, and it is now possible to properly set up AH mode SAs.
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-19 21:26:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 704548    
Bug Blocks:    

Description Benjamin Kahn 2011-06-09 16:56:16 UTC
This bug has been copied from bug #704548 and has been proposed
to be backported to 6.1 z-stream (EUS).

Comment 4 Martin Prpič 2011-07-13 19:42:34 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, Openswan failed to set up AH (Authentication Header) mode security associations (SAs). This was because Openswan was erroneously processing the AH mode as if it was the ESP (Ecrypted Secure Payload) mode, and was expecting an encryption key. This update fixes this issue, and it is now possible to properly set up AH mode SAs.

Comment 5 errata-xmlrpc 2011-07-19 21:26:20 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0961.html