diff options
author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 11:06:32 +0000 |
---|---|---|
committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-16 11:06:32 +0000 |
commit | 0082a836e98e76e883d1034f4eab42017f054c35 (patch) | |
tree | 78b062118ebb1591bdfa3894a0c047156c249050 /chromeos/test/data/network | |
parent | 5b1ce25093fa93ae91366a05af80bcff999b113a (diff) | |
download | chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.zip chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.gz chromium_src-0082a836e98e76e883d1034f4eab42017f054c35.tar.bz2 |
ONC: Reject ServerCARef in IPsec if PSK is used.
Looking at IpsecManager::Initialize in platform/vpn-manager/ipsec_manager.cc, then a CA certificate for server verification is rejected if a PSK is set.
However, in ONC, the ServerCARef was silently ignored if PSK was used. This might unintentionally reduce security.
Note: ServerCARef from ONC maps to server_ca_file in IpsecManager::Initialize.
PSK from ONC maps to psk_file in IpsecManager::Initialize.
BUG=276291
R=bartfab@chromium.org
Review URL: https://codereview.chromium.org/62173002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240865 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/test/data/network')
-rw-r--r-- | chromeos/test/data/network/invalid_settings_with_repairs.json | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/chromeos/test/data/network/invalid_settings_with_repairs.json b/chromeos/test/data/network/invalid_settings_with_repairs.json index 4f80434..0815629 100644 --- a/chromeos/test/data/network/invalid_settings_with_repairs.json +++ b/chromeos/test/data/network/invalid_settings_with_repairs.json @@ -187,6 +187,18 @@ } } }, + "ipsec-with-psk-and-cacert": { + "AuthenticationType": "PSK", + "IKEVersion": 1, + "PSK": "some psk", + "ServerCARef": "a cert ref" + }, + "ipsec-with-client-cert-missing-cacert": { + "AuthenticationType": "Cert", + "IKEVersion": 1, + "ClientCertType": "Ref", + "ClientCertRef": "a cert ref" + }, "openvpn-missing-verify-x509-name": { "GUID": "guid", "Type": "VPN", |