From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 5 Jun 2020 14:41:23 +0000 (+0200)
Subject: child-create: Don't reset DH group when retrying after INVALID_KE_PAYLOAD
X-Git-Tag: 5.9.0dr1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59ebdac49bec9374080b2f1a0027ea6a26dece2f;p=thirdparty%2Fstrongswan.git

child-create: Don't reset DH group when retrying after INVALID_KE_PAYLOAD

migrate() is called before retrying.

Fixes: 0184a69b7b14 ("child-create: Properly handle DH group during
migration when reestablishing")
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 278d09a606..2b9e68d3bf 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1853,7 +1853,7 @@ METHOD(task_t, migrate, void,
 	{
 		this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
 	}
-	if (!this->rekey)
+	if (!this->rekey && !this->retry)
 	{
 		this->dh_group = MODP_NONE;
 	}