child-rekey: Use more appropriate error notifies if CHILD_SA is not found or getting...

These are the notifies we should return according to RFC 7296.

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index bd94ce6988d9e09729c24ebe081c86fb42dd14da..b32d2d72549366ce63934afc53f191abe75902ea 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -219,11 +219,16 @@ METHOD(task_t, build_r, status_t,
        child_cfg_t *config;
        uint32_t reqid;
 
-       if (this->child_sa == NULL ||
-               this->child_sa->get_state(this->child_sa) == CHILD_DELETING)
+       if (!this->child_sa)
        {
                DBG1(DBG_IKE, "unable to rekey, CHILD_SA not found");
-               message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
+               message->add_notify(message, TRUE, CHILD_SA_NOT_FOUND, chunk_empty);
+               return SUCCESS;
+       }
+       if (this->child_sa->get_state(this->child_sa) == CHILD_DELETING)
+       {
+               DBG1(DBG_IKE, "unable to rekey, we are deleting the CHILD_SA");
+               message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty);
                return SUCCESS;
        }