child-create: Properly handle DH group during migration when reestablishing
If such a task was active while reestablishing it will get queued on the new IKE_SA. If the DH group is already set, the DH groups won't be stripped from the proposals and a KE payload will be sent, which is invalid during IKE_AUTH. We don't want to reset the group if the task is part of a child-rekey task.
This commit is contained in:
parent
1665a4e050
commit
0184a69b7b
|
@ -1853,7 +1853,10 @@ METHOD(task_t, migrate, void,
|
||||||
{
|
{
|
||||||
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
|
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
|
||||||
}
|
}
|
||||||
|
if (!this->rekey)
|
||||||
|
{
|
||||||
|
this->dh_group = MODP_NONE;
|
||||||
|
}
|
||||||
this->ike_sa = ike_sa;
|
this->ike_sa = ike_sa;
|
||||||
this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
|
this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
|
||||||
this->proposal = NULL;
|
this->proposal = NULL;
|
||||||
|
|
Loading…
Reference in New Issue