Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/config/child_cfg.c | 4 | ||||
-rw-r--r-- | src/libcharon/config/proposal.c | 13 | ||||
-rw-r--r-- | src/libcharon/config/proposal.h | 4 |
3 files changed, 15 insertions, 6 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index b675c908f..33d47a41e 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -165,7 +165,7 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
 current = current->clone(current);
 if (strip_dh)
 {
- current->strip_dh(current);
+ current->strip_dh(current, MODP_NONE);
 }
 proposals->insert_last(proposals, current);
 }
@@ -194,7 +194,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
 {
 if (strip_dh)
 {
- stored->strip_dh(stored);
+ stored->strip_dh(stored, MODP_NONE);
 }
 selected = stored->select(stored, supplied, private);
 if (selected)
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index e12fed7ba..4803c7be2 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -232,14 +232,21 @@ METHOD(proposal_t, has_dh_group, bool,
 }
 
 METHOD(proposal_t, strip_dh, void,
- private_proposal_t *this)
+ private_proposal_t *this, diffie_hellman_group_t keep)
 {
+ enumerator_t *enumerator;
 algorithm_t *alg;
 
- while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS)
+ enumerator = this->dh_groups->create_enumerator(this->dh_groups);
+ while (enumerator->enumerate(enumerator, (void**)&alg))
 {
- free(alg);
+ if (alg->algorithm != keep)
+ {
+ this->dh_groups->remove_at(this->dh_groups, enumerator);
+ free(alg);
+ }
 }
+ enumerator->destroy(enumerator);
 }
 
 /**
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 77e200acc..7733143a8 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -111,8 +111,10 @@ struct proposal_t {
 
 /**
 * Strip DH groups from proposal to use it without PFS.
+ *
+ * @param keep group to keep (MODP_NONE to remove all)
 */
- void (*strip_dh)(proposal_t *this);
+ void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);
 
 /**
 * Compare two proposal, and select a matching subset.
|
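Review bot: In strip_dh (src/libcharon/config/proposal.c) the new test `if (alg->algorithm != keep)` no longer empties the list unconditionally when the caller passes MODP_NONE: an entry whose algorithm is itself MODP_NONE would be kept, whereas the old remove_last loop removed every entry. Whether dh_groups can hold such an entry is not visible in this diff, but the header comment promises "MODP_NONE to remove all", and both call sites in child_cfg.c rely on exactly that. Making the condition explicit keeps the old behaviour for those callers: `if (keep == MODP_NONE || alg->algorithm != keep)`.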
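Review bot: The comment on strip_dh in src/libcharon/config/proposal.h does not say what happens when `keep` is not contained in the proposal. Going by the loop in proposal.c, every group is then removed and the void return gives the caller no signal, so a caller that meant to pin one group is left with a proposal without PFS. I would document this with `* If keep is not part of the proposal, all groups are removed; callers that require PFS should check has_dh_group() afterwards.` and update the summary line, which still reads as "without PFS" only, to `* Strip DH groups from proposal, optionally keeping a single group.` The struct definition starts and ends outside this hunk.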