/**
* Implementation of rekey_ike_sa_t.use_dh_group.
*/
-static bool use_dh_group(private_rekey_ike_sa_t *this, diffie_hellman_group_t dh_group)
+static void use_dh_group(private_rekey_ike_sa_t *this, diffie_hellman_group_t dh_group)
{
- if (this->connection->check_dh_group(this->connection, dh_group))
- {
- this->diffie_hellman = diffie_hellman_create(dh_group);
- if (this->diffie_hellman)
- {
- return TRUE;
- }
- }
- return FALSE;
+ this->diffie_hellman = diffie_hellman_create(dh_group);
}
/**
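Review bot: The rewritten body of use_dh_group drops the check_dh_group() validation and no longer reports whether diffie_hellman_create() succeeded, so a group proposed by the peer (apparently the retry path the comment "except when retrying with another dh group" later in this diff refers to) is accepted as long as the DH implementation supports it, presumably regardless of what the connection is configured to allow, and a creation failure silently leaves this->diffie_hellman NULL. If this->connection is not yet available when use_dh_group runs — which the relocation of the connection lookup elsewhere in this diff suggests — the acceptability check can be applied where that lookup now happens rather than dropped entirely. At minimum log the failure: `if (!this->diffie_hellman) { this->logger->log(this->logger, ERROR, "DH group %d not supported, rekeying aborted", dh_group); }`. Note also that assigning over an existing this->diffie_hellman (a second retry) would leak the previous object unless it is destroyed first; the destroy path is not visible from here, and the relaxed state check in the following hunk relies on this field being a reliable retry marker.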
return SUCCESS;
}
- if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
+ /* check for correct state, except when retrying with another dh group */
+ if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED &&
+ !this->diffie_hellman)
{
this->logger->log(this->logger, ERROR,
"tried to rekey in state %s, aborted",
/* apply for notify processing */
this->next = next;
+
+ /* get a connection to replace current IKE_SA */
+ this->connection = charon->connections->get_connection_by_name(
+ charon->connections, this->ike_sa->get_name(this->ike_sa));
+ /* if connection lookup by name fails, try it with the hosts */
+ if (this->connection == NULL)
+ {
+ this->connection = charon->connections->get_connection_by_hosts(
+ charon->connections, me, other);
+ if (this->connection == NULL)
+ {
+ this->logger->log(this->logger, ERROR,
+ "no connection found to rekey IKE_SA, sending NO_RROPOSAL_CHOSEN");
+ build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE);
+ return FAILED;
+ }
+ }
+
/* Iterate over all payloads. */
payloads = request->get_payload_iterator(request);
while (payloads->has_next(payloads))
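Review bot: The relocated connection-lookup block still carries the typo in its error string, `"no connection found to rekey IKE_SA, sending NO_RROPOSAL_CHOSEN"`, which should read `NO_PROPOSAL_CHOSEN` to match the notify type built on the next line; since the block is being moved anyway, this is the moment to fix it. The relocation itself looks sound: the lookup now precedes the payload loop, so this->connection is set for anything inside that loop that consults it. The enclosing function starts before and ends after this hunk.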
nonce_response->set_nonce(nonce_response, this->nonce_r);
}
- { /* get a connection to replace current IKE_SA */
- this->connection = charon->connections->get_connection_by_name(
- charon->connections,
- this->ike_sa->get_name(this->ike_sa));
- /* if connection lookup by name fails, try it with the hosts */
- if (this->connection == NULL)
- {
- this->connection = charon->connections->get_connection_by_hosts(
- charon->connections,
- me, other);
- if (this->connection == NULL)
- {
- this->logger->log(this->logger, ERROR,
- "no connection found to rekey IKE_SA, sending NO_RROPOSAL_CHOSEN");
- build_notify(NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER, response, TRUE);
- return FAILED;
- }
- }
- }
-
{ /* process SA payload */
linked_list_t *proposal_list;
sa_payload_t *sa_response;
notify_chunk.ptr = (u_int8_t*)¬ify_group;
notify_chunk.len = sizeof(notify_group);
build_notify(INVALID_KE_PAYLOAD, notify_chunk, response, TRUE);
- return DESTROY_ME;
+ return FAILED;
}
this->diffie_hellman->set_other_public_value(this->diffie_hellman,
ke_request->get_key_exchange_data(ke_request));
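Review bot: Returning FAILED instead of DESTROY_ME after the INVALID_KE_PAYLOAD notify keeps the IKE_SA alive for the peer's retry, but the line right after the closing brace, `this->diffie_hellman->set_other_public_value(...)`, dereferences this->diffie_hellman with no visible NULL guard; where that object is created lies outside this hunk, so if it comes from a diffie_hellman_create() whose result is not checked (as the use_dh_group in this diff no longer does), a failed creation becomes a NULL dereference here. A guard before the dereference, `if (!this->diffie_hellman) { return FAILED; }` with whatever notify the responder should send in that case, would be cheap. It is also worth confirming that the switch to FAILED does not let a peer keep this transaction cycling indefinitely on repeated unusable KE groups; any retry bookkeeping is not visible in this hunk, and the enclosing function starts before and ends after it.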
this->public.transaction.destroy = (void(*)(transaction_t*))destroy;
/* public functions */
- this->public.use_dh_group = (bool(*)(rekey_ike_sa_t*,diffie_hellman_group_t))use_dh_group;
+ this->public.use_dh_group = (void(*)(rekey_ike_sa_t*,diffie_hellman_group_t))use_dh_group;
this->public.cancel = (void(*)(rekey_ike_sa_t*))cancel;
/* private data */