author | Tobias Brunner <tobias@strongswan.org> | 2011-11-25 17:45:30 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-03-20 17:31:08 +0100 |
commit | 983e852af87ec33cb30a96fe09414cc1646f360a (patch) | |
tree | 9d9200e4d3eaea1885305fa3d9d186c0a241fd31 /src/libcharon/encoding/message.c | |
parent | e6732003f471032779ce5a88004bcdc02b22f9a6 (diff) | |
download | strongswan-983e852af87ec33cb30a96fe09414cc1646f360a.tar.bz2 strongswan-983e852af87ec33cb30a96fe09414cc1646f360a.tar.xz |
Handle INFORMATIONAL_V1 messages when no keys have been derived yet.
This allows graceful processing of the INFORMATIONAL_V1 message rules, which
require the payloads to be encrypted and thus the exchange to be
authenticated with a HASH payload. If such an exchange is now initiated
before the ISAKMP_SA is established, the message is simply sent unencrypted
and without HASH payload.
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r-- | src/libcharon/encoding/message.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index aa774e0c3..17adc5eb9 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1419,8 +1419,8 @@ METHOD(message_t, generate, status_t,
 chunk_free(&hash);
 }
- /* if at least one payload requires encryption, encrypt the message */
- /* TODO-IKEV1: set is_encrypted externally instead of this check? */
+ /* if at least one payload requires encryption, encrypt the message.
+ * if we have no key material available, the flag will be reset below */
 enumerator = this->payloads->create_enumerator(this->payloads);
 while (enumerator->enumerate(enumerator, (void**)&payload))
 {
@@ -1447,6 +1447,7 @@ METHOD(message_t, generate, status_t,
 else
 {
 DBG2(DBG_ENC, "not encrypting payloads");
+ this->is_encrypted = FALSE;
 }
 ike_header = ike_header_create_version(this->major_version, |
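Review bot: The added `this->is_encrypted = FALSE;` in the else branch of the second hunk clears the flag for whatever message reaches that branch, and the only trace is the existing DBG2 line, so a message whose payload rules asked for encryption can leave in plaintext without an operator noticing at normal log levels. The commit description scopes this to INFORMATIONAL_V1 before the ISAKMP_SA is established, but nothing visible in the hunk ties the reset to that exchange type; the condition guarding the branch lies outside the hunk, so this is inferred rather than certain. I would guard the reset, e.g. `if (this->exchange_type == INFORMATIONAL_V1)` (assuming the message object's exchange type field is named that way here), and fail generation for any other exchange that required encryption but has no keys. When the downgrade does happen, a DBG1-level message such as `DBG1(DBG_ENC, "no keys derived yet, sending unencrypted and without HASH");` would make it visible in default logs.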