proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all

src/libcharon/config/child_cfg.c

@@ -165,7 +165,7 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
 		current = current->clone(current);
 		if (strip_dh)
 		{
-			current->strip_dh(current);
+			current->strip_dh(current, MODP_NONE);
 		}
 		proposals->insert_last(proposals, current);
 	}
@@ -194,7 +194,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
 		{
 			if (strip_dh)
 			{
-				stored->strip_dh(stored);
+				stored->strip_dh(stored, MODP_NONE);
 			}
 			selected = stored->select(stored, supplied, private);
 			if (selected)

src/libcharon/config/proposal.c

@@ -232,14 +232,21 @@ METHOD(proposal_t, has_dh_group, bool,
 }
 
 METHOD(proposal_t, strip_dh, void,
-	private_proposal_t *this)
+	private_proposal_t *this, diffie_hellman_group_t keep)
 {
+	enumerator_t *enumerator;
 	algorithm_t *alg;
 
-	while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS)
+	enumerator = this->dh_groups->create_enumerator(this->dh_groups);
+	while (enumerator->enumerate(enumerator, (void**)&alg))
 	{
-		free(alg);
+		if (alg->algorithm != keep)
+		{
+			this->dh_groups->remove_at(this->dh_groups, enumerator);
+			free(alg);
+		}
 	}
+	enumerator->destroy(enumerator);
 }
 
 /**

src/libcharon/config/proposal.h

@@ -111,8 +111,10 @@ struct proposal_t {
 
 	/**
 	 * Strip DH groups from proposal to use it without PFS.
+	 *
+	 * @param keep			group to keep (MODP_NONE to remove all)
 	 */
-	void (*strip_dh)(proposal_t *this);
+	void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);
 
 	/**
 	 * Compare two proposal, and select a matching subset.