Merge branch 'dh-group-rekey'
author Tobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:28:44 +0000 (10:28 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:34:52 +0000 (10:34 +0100)
commit bb58dfb9b5e4de414a8e07cd2e97f710f140405c
tree 8811b3ac1b9d142c2da68a14275cfad4f113e416
parent d058fd3c32b78b3e5b3a885ed66273803c187565
parent 5a259ade4ecd3c3caa6c0c91f83ef1745d19d255
Merge branch 'dh-group-rekey'

These changes improve rekeying after the peer initially selected a
different DH group than we proposed.  Instead of using the configured DH
group again, and causing another INVALID_KE_PAYLOAD notify, we now reuse
the previously negotiated group.  We also send the selected DH group
first in the proposals (and move proposals that don't contain the group
to the back) so that implementations that select the proposal first and
without consulting the KE payload (e.g. strongSwan when preferring the
client's proposals) will see the preferred group first.

Fixes #2526.
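The proposal reordering described in the commit message, as an added sketch that is not strongSwan's code: the `proposal` struct and the functions `promote_group` and `prefer_group` are hypothetical simplifications, and the sample proposals in `main` are constructed. DH groups are given by their IKEv2 transform IDs (14 = modp2048, 19 = ecp256, 20 = ecp384).

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified proposal: an id plus an ordered list of DH group
 * transform IDs. This is not strongSwan's proposal_t. */
typedef struct {
    int id;
    int groups[8];
    size_t count;
} proposal;

/* Move `group` to the front of p->groups, keeping the order of the rest.
 * Returns 1 if the proposal contains the group, 0 otherwise. */
static int promote_group(proposal *p, int group)
{
    for (size_t i = 0; i < p->count; i++) {
        if (p->groups[i] == group) {
            memmove(&p->groups[1], &p->groups[0], i * sizeof(int));
            p->groups[0] = group;
            return 1;
        }
    }
    return 0;
}

/* Stable partition: proposals containing `group` come first (with the group
 * promoted inside each), the others move to the back in original order.
 * Returns the number of proposals that contain the group. */
size_t prefer_group(proposal *props, size_t n, int group)
{
    size_t front = 0;
    for (size_t i = 0; i < n; i++) {
        if (promote_group(&props[i], group)) {
            proposal hit = props[i];
            memmove(&props[front + 1], &props[front],
                    (i - front) * sizeof(proposal));
            props[front++] = hit;
        }
    }
    return front;
}

int main(void)
{
    /* Constructed sample: group 19 was negotiated; proposal 2 lacks it. */
    proposal p[] = { {1, {14, 19}, 2}, {2, {14}, 1}, {3, {20, 19}, 2} };
    return prefer_group(p, 3, 19) == 2 ? 0 : 1;
}
```

After the call the order is proposal 1, 3, 2, and the first DH group in proposals 1 and 3 is 19, so a responder that picks the first acceptable proposal without looking at the KE payload lands on the group the KE payload carries.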