aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks/aggressive_mode.c')
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 66e6451ea..8fa2d525e 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -380,6 +380,23 @@ METHOD(task_t, process_r, status_t,
this->method = sa_payload->get_auth_method(sa_payload);
this->lifetime = sa_payload->get_lifetime(sa_payload);
+ switch (this->method)
+ {
+ case AUTH_XAUTH_INIT_PSK:
+ case AUTH_XAUTH_RESP_PSK:
+ case AUTH_PSK:
+ if (!lib->settings->get_bool(lib->settings, "charon.i_dont_"
+ "care_about_security_and_use_aggressive_mode_psk", FALSE))
+ {
+ DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
+ "security reasons");
+ return send_notify(this, AUTHENTICATION_FAILED);
+ }
+ break;
+ default:
+ break;
+ }
+
if (!this->proposal->get_algorithm(this->proposal,
DIFFIE_HELLMAN_GROUP, &group, NULL))
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 17:53:10 +0000