-rw-r--r--Source/charon/config/configuration_manager.c10
-rw-r--r--Source/charon/encoding/payloads/ts_payload.c4
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c3
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c14
4 files changed, 19 insertions, 12 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index de424c576..d3c6425d4 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -292,20 +292,22 @@ static void load_default_config (private_configuration_manager_t *this)
proposals[0].integrity_algorithm_key_length = 16;
proposals[0].pseudo_random_function = PRF_HMAC_MD5;
proposals[0].pseudo_random_function_key_length = 16;
- proposals[0].diffie_hellman_group = MODP_1024_BIT;
+ proposals[0].diffie_hellman_group = MODP_768_BIT;
proposals[1] = proposals[0];
proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
proposals[1].integrity_algorithm_key_length = 20;
proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
proposals[1].pseudo_random_function_key_length = 20;
+ proposals[1].diffie_hellman_group = MODP_1024_BIT;
- init_config1->add_proposal(init_config1,1,proposals[0]);
init_config1->add_proposal(init_config1,1,proposals[1]);
- init_config2->add_proposal(init_config2,1,proposals[0]);
+ init_config1->add_proposal(init_config1,1,proposals[0]);
init_config2->add_proposal(init_config2,1,proposals[1]);
- init_config3->add_proposal(init_config3,1,proposals[0]);
+ init_config2->add_proposal(init_config2,1,proposals[0]);
init_config3->add_proposal(init_config3,1,proposals[1]);
+ init_config3->add_proposal(init_config3,1,proposals[0]);
+
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
ID_IPV4_ADDR, "152.96.193.131",
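Review bot: The new default `proposals[0].diffie_hellman_group = MODP_768_BIT;` keeps a 768-bit MODP group, paired with PRF_HMAC_MD5, in the offer list of all three init configs, so the IKE_SA can be no stronger than the weakest proposal a peer is allowed to select. Reordering the add_proposal calls puts the SHA1/MODP_1024 proposal first, but whether that order acts as a preference depends on add_proposal and the selection code, which are outside this hunk. If the 768-bit entry exists only for interoperability testing, say so above the assignment with a comment such as `/* weak fallback for interop testing only, not for production use */`, or drop the `add_proposal(..., proposals[0])` calls. load_default_config's body starts and ends outside the hunk.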
diff --git a/Source/charon/encoding/payloads/ts_payload.c b/Source/charon/encoding/payloads/ts_payload.c
index d9e17c680..59b732245 100644
--- a/Source/charon/encoding/payloads/ts_payload.c
+++ b/Source/charon/encoding/payloads/ts_payload.c
@@ -128,7 +128,7 @@ encoding_rule_t ts_payload_encodings[] = {
static status_t verify(private_ts_payload_t *this)
{
iterator_t *iterator;
- status_t status = FAILED;
+ status_t status = SUCCESS;
if (this->critical)
{
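Review bot: Initialising `status` to SUCCESS in verify() makes the function fail open: any path that finishes without assigning status now reports a valid payload, where it previously reported FAILED. The rest of verify() is outside the hunk, so it is not visible whether every rejection path sets FAILED explicitly; presumably the change is meant to accept a payload with zero traffic selectors. A safer form keeps `status_t status = FAILED;` and assigns SUCCESS only after all checks have passed, handling the empty list as an explicit case. Failing that, add a comment such as `/* an empty selector list is valid; every check below must set FAILED itself */`.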
@@ -340,7 +340,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
this->next_payload = NO_PAYLOAD;
this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
this->is_initiator = is_initiator;
- this->number_of_traffic_selectors=0;
+ this->number_of_traffic_selectors = 0;
this->traffic_selectors = linked_list_create();
return &(this->public);
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 208898593..199a062d3 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -407,8 +407,7 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i
/* check if the responder selected valid proposals */
if (ts_selected_count != ts_received_count)
{
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors. Deleting IKE_SA");
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors.");
}
/* cleanup */
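Review bot: With `status = DELETE_ME;` removed, a mismatch between ts_selected_count and ts_received_count is only logged at AUDIT level, and process_ts_payload carries on with whatever status was set earlier, outside the hunk. A reply carrying traffic selectors that were never offered therefore no longer stops the exchange, so the resulting CHILD_SA could cover traffic outside the configured policy. If the intent is to keep the IKE_SA alive, still reject the child negotiation here, for example with `status = FAILED;`, provided the caller treats that as "no CHILD_SA"; this depends on caller code not shown. Otherwise add a comment explaining why the mismatch is tolerated.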
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 0e481f78d..b3680da05 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -414,9 +414,13 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
}
else
{
- this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Deleting IKE_SA");
- this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
+/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+ status = DELETE_ME; */
+ sa_response = sa_payload_create();
+ response->add_payload(response, (payload_t*)sa_response);
+
+ status = SUCCESS;
}
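Review bot: The disabled `send_notify(..., NO_PROPOSAL_CHOSEN, ...)` and `status = DELETE_ME;` lines are left behind as a commented-out block; delete them and state the reason instead, e.g. `/* no proposals: answer with an empty SA payload and keep the IKE_SA without a CHILD_SA */`. Returning SUCCESS here means the caller cannot tell this case from a negotiated proposal by status alone, so the code that sets up the CHILD_SA (outside the hunk) has to check the payload content itself. The log string reads "IKE_AUH" where "IKE_AUTH" is meant, and the same typo appears in the new log line in the build_ts_payload hunk below.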
@@ -484,7 +488,9 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
}
if(ts_selected_count == 0)
{
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any traffic selectors.");
+ ts_response = ts_payload_create(ts_initiator);
+ response->add_payload(response, (payload_t*)ts_response);
}
else
{
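Review bot: The new `ts_selected_count == 0` branch no longer assigns `status`, so build_ts_payload returns whatever value status held before this point, which is set outside the hunk; the matching branch in build_sa_payload sets `status = SUCCESS;` explicitly. If success is the intent, add `status = SUCCESS;` after `response->add_payload(response, (payload_t*)ts_response);`, or add a comment saying the earlier value is relied on. The empty TS payload created here presumably passes the peer's verify() only because of the ts_payload.c change in this same commit, so that dependency is worth a comment too.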