child-rekey: Use previously negotiated DH group when rekeying CHILD_SAs
authorTobias Brunner <tobias@strongswan.org>
Fri, 2 Feb 2018 09:48:21 +0000 (10:48 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:20:05 +0000 (10:20 +0100)
commit27b0bd91d486c0438c5b02de320f6dc313612421
tree1dea01131c8c83b7233ae2ed40549ff9dc7d247f
parentf8e53003aa9f613c920ca7f42a36eeb988ad1852
child-rekey: Use previously negotiated DH group when rekeying CHILD_SAs

For the CHILD_SA created with the IKE_SA the group won't be set in the
proposal, so we will use the first one configure just as if the SA was
created new with a CREATE_CHILD_SA exchange.  I guess we could
theoretically try to use the DH group negotiated for IKE but then this
would get a lot more complicated as we'd have to check if that group is
actually contained in any of the CHILD_SA's configured proposals.
src/libcharon/sa/ikev2/tasks/child_rekey.c