ike: Optionally allow private algorithms for IKE/CHILD_SAs

[thirdparty/strongswan.git] / src / libcharon / sa / ikev1 / tasks / quick_mode.c

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 89d74442501b6eb230276cfe945b4742284e1b8b..f494e48c83ddb175b4e65141d4868abef1286285 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1132,7 +1132,9 @@ METHOD(task_t, process_r, status_t,
                                DESTROY_IF(list);
                                list = sa_payload->get_proposals(sa_payload);
                        }
-                       if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+                       if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+                               && !lib->settings->get_bool(lib->settings,
+                                                                       "%s.accept_private_algs", FALSE, lib->ns))
                        {
                                flags |= PROPOSAL_SKIP_PRIVATE;
                        }
@@ -1370,7 +1372,9 @@ METHOD(task_t, process_i, status_t,
                                DESTROY_IF(list);
                                list = sa_payload->get_proposals(sa_payload);
                        }
-                       if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+                       if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)
+                               && !lib->settings->get_bool(lib->settings,
+                                                                       "%s.accept_private_algs", FALSE, lib->ns))
                        {
                                flags |= PROPOSAL_SKIP_PRIVATE;
                        }