diff options
| author | Martin Willi <martin@revosec.ch> | 2010-04-21 08:40:55 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-04-21 08:41:46 +0200 |
| commit | 1f6a707d10b930c73b0b2b3958fbd59a194cd0c7 (patch) | |
| tree | 155b5fff51009dc1c99e925e6d1662c5c81a0193 | |
| parent | d0f1b3b96f675f7737b8a41ccf4b51908dfb722a (diff) | |
| download | strongswan-1f6a707d10b930c73b0b2b3958fbd59a194cd0c7.tar.bz2 strongswan-1f6a707d10b930c73b0b2b3958fbd59a194cd0c7.tar.xz | |
Ignore DH exchange in CHILD_SA rekeying if the selected proposal contains no DH group
| -rw-r--r-- | src/libcharon/sa/tasks/child_create.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/libcharon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index 3f002f263..bea4f73d5 100644 --- a/src/libcharon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -329,11 +329,11 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) this->dh_group = group; return INVALID_ARG; } - else - { - DBG1(DBG_IKE, "no acceptable proposal found"); - return FAILED; - } + /* the selected proposal does not use a DH group */ + DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal"); + DESTROY_IF(this->dh); + this->dh = NULL; + this->dh_group = MODP_NONE; } if (my_vip == NULL) |