child-create: Properly handle DH group during migration when reestablishing
If such a task was active while reestablishing it will get queued on the new IKE_SA. If the DH group is already set, the DH groups won't be stripped from the proposals and a KE payload will be sent, which is invalid during IKE_AUTH. We don't want to reset the group if the task is part of a child-rekey task.
This commit is contained in:
parent
1665a4e050
commit
0184a69b7b
|
@ -1853,7 +1853,10 @@ METHOD(task_t, migrate, void,
|
|||
{
|
||||
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
|
||||
}
|
||||
|
||||
if (!this->rekey)
|
||||
{
|
||||
this->dh_group = MODP_NONE;
|
||||
}
|
||||
this->ike_sa = ike_sa;
|
||||
this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
|
||||
this->proposal = NULL;
|
||||
|
|
Loading…
Reference in New Issue