Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
authorMartin Willi <martin@revosec.ch>
Mon, 16 Apr 2012 14:55:14 +0000 (16:55 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 17 Apr 2012 08:02:21 +0000 (10:02 +0200)
src/libcharon/sa/tasks/ike_init.c

index b8e66c7..dd8a4b0 100644 (file)
@@ -517,8 +517,11 @@ METHOD(task_t, migrate, void,
        this->ike_sa = ike_sa;
        this->keymat = ike_sa->get_keymat(ike_sa);
        this->proposal = NULL;
-       DESTROY_IF(this->dh);
-       this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+       if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group)
+       {       /* reset DH value only if group changed (INVALID_KE_PAYLOAD) */
+               this->dh->destroy(this->dh);
+               this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+       }
 }
 
 METHOD(task_t, destroy, void,
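Review bot: When `this->dh` is NULL on entry, the new `if` in migrate() no longer creates a DH object, whereas the removed lines always called `create_dh`. The build path (outside this hunk, as is the start of migrate()) therefore has to cope with a NULL `this->dh`, and also with `create_dh` returning NULL after the old object was destroyed. Separately, `this->ike_sa` and `this->keymat` are rebound just above, so the retained private value comes from the previous keymat. That is the intent for a COOKIE retry, but if migrate() can also run when the task moves to a different IKE_SA (not visible here), the same ephemeral secret would be reused across SAs. I would record both assumptions in the comment, e.g. `/* keep DH value for COOKIE retry on the same SA; build must create it if NULL */`.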