authorTobias Brunner <tobias@strongswan.org>2011-11-25 17:45:30 +0100
committerTobias Brunner <tobias@strongswan.org>2012-03-20 17:31:08 +0100
commit983e852af87ec33cb30a96fe09414cc1646f360a (patch)
tree9d9200e4d3eaea1885305fa3d9d186c0a241fd31 /src/libcharon/encoding/message.c
parente6732003f471032779ce5a88004bcdc02b22f9a6 (diff)
downloadstrongswan-983e852af87ec33cb30a96fe09414cc1646f360a.tar.bz2
strongswan-983e852af87ec33cb30a96fe09414cc1646f360a.tar.xz
Handle INFORMATIONAL_V1 messages when no keys have been derived yet.
This allows graceful processing of the INFORMATIONAL_V1 message rules, which require the payloads to be encrypted and thus the exchange to be authenticated with a HASH payload. If such an exchange is now initiated before the ISAKMP_SA is established, the message is simply sent unencrypted and without a HASH payload.
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r--src/libcharon/encoding/message.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index aa774e0c3..17adc5eb9 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1419,8 +1419,8 @@ METHOD(message_t, generate, status_t,
chunk_free(&hash);
}
- /* if at least one payload requires encryption, encrypt the message */
- /* TODO-IKEV1: set is_encrypted externally instead of this check? */
+ /* if at least one payload requires encryption, encrypt the message.
+ * if we have no key material available, the flag will be reset below */
enumerator = this->payloads->create_enumerator(this->payloads);
while (enumerator->enumerate(enumerator, (void**)&payload))
{
@@ -1447,6 +1447,7 @@ METHOD(message_t, generate, status_t,
else
{
DBG2(DBG_ENC, "not encrypting payloads");
+ this->is_encrypted = FALSE;
}
ike_header = ike_header_create_version(this->major_version,
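Review bot: The added `this->is_encrypted = FALSE;` in the else branch clears the flag for every message that reaches it, so a message whose payload rules asked for encryption is sent in cleartext with only the DBG2 line "not encrypting payloads" as a trace. The condition guarding this else lies outside the hunk, so it cannot be confirmed from here that the branch is reached only when no keys have been derived; if other cases can reach it, the reset should be narrowed to the no-keys case. Either way the downgrade deserves a log at a level operators actually see, e.g. `if (this->is_encrypted) DBG1(DBG_ENC, "no keys available, sending message unencrypted");` placed just before the reset. A short comment on the reset, such as `/* no key material: clear the flag so the header does not announce encryption */`, would also tie it to the note added in the first hunk.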