ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

child-create: Properly handle DH group during migration when reestablishing 

If such a task was active while reestablishing it will get queued on the
new IKE_SA.  If the DH group is already set, the DH groups won't be
stripped from the proposals and a KE payload will be sent, which is invalid
during IKE_AUTH.  We don't want to reset the group if the task is part of a
child-rekey task.
This commit is contained in:
Tobias Brunner 2020-04-01 09:48:56 +02:00
parent 1665a4e050
commit 0184a69b7b
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/libcharon/sa/ikev2/tasks/child_create.c
View File

@ -1853,7 +1853,10 @@ METHOD(task_t, migrate, void,
{
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
}
if (!this->rekey)
{
this->dh_group = MODP_NONE;
}
this->ike_sa = ike_sa;
this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
this->proposal = NULL;