ike-init: Switch to an alternative config if proposals don't match
authorTobias Brunner <tobias@strongswan.org>
Tue, 29 May 2018 15:04:12 +0000 (17:04 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 28 Jun 2018 16:46:42 +0000 (18:46 +0200)
commit054ee5e7c0c5f5334f9de1be041b29af3e4161aa
treedfba1ade591f22cd5a7ea0ae4b38f11a67c9ce16
parentda288a07aa248a38a3ba6dde5e7b110e8f85aced
ike-init: Switch to an alternative config if proposals don't match

This way we don't rely on the order of equally matching configs as
heavily anymore (which is actually tricky in vici) and this also doesn't
require repeating weak algorithms in all configs that might potentially be
selected if there are some clients that require them.

There is currently no ordering, so an explicitly configured exactly matching
proposal isn't a better match than e.g. the default proposal that also
contains the proposed algorithms.
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev2/tasks/ike_init.c