child-create: Don't consider a DH group mismatch as failure as responder

This causes problems e.g. on Android where we handle the alert (and
reestablish the IKE_SA) even though it usually is no problem if the
peer retries with the requested group.  We don't consider it as a
failure on the initiator either.

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index cac3bc0a2391a51b327b07880d97b82b1f90fafc..4d4d72e0b01656c496d5c2104adb871ea5ce58da 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1377,7 +1377,6 @@ METHOD(task_t, build_r, status_t,
                        uint16_t group = htons(this->dh_group);
                        message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
                                                                chunk_from_thing(group));
-                       handle_child_sa_failure(this, message);
                        return SUCCESS;
                }
                case FAILED: