child-rekey: Don't destroy IKE_SA if initiating CHILD_SA rekeying failed
authorTobias Brunner <tobias@strongswan.org>
Mon, 19 Feb 2018 14:09:34 +0000 (15:09 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 23 Feb 2018 08:25:46 +0000 (09:25 +0100)
This could happen if the peer e.g. selects an invalid DH group or
responds multiple time with an INVALID_KE_PAYLAOD notify.

src/libcharon/sa/ikev2/tasks/child_rekey.c

index f900566..3ca29bc 100644 (file)
@@ -213,7 +213,8 @@ METHOD(task_t, build_i, status_t,
                                                                           message) != NEED_MORE)
        {
                schedule_delayed_rekey(this);
-               return FAILED;
+               message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
+               return SUCCESS;
        }
        if (message->get_exchange_type(message) == CREATE_CHILD_SA)
        {