From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 6 Sep 2017 14:41:42 +0000 (+0200)
Subject: child-create: Don't consider a DH group mismatch as failure as responder
X-Git-Tag: 5.6.1dr3~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7276f78aae95905d9dfe7ded485d6771c4fcaa0;p=thirdparty%2Fstrongswan.git

child-create: Don't consider a DH group mismatch as failure as responder

This causes problems e.g. on Android where we handle the alert (and
reestablish the IKE_SA) even though it usually is no problem if the
peer retries with the requested group.  We don't consider it as a
failure on the initiator either.
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index cac3bc0a23..4d4d72e0b0 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1377,7 +1377,6 @@ METHOD(task_t, build_r, status_t,
 			uint16_t group = htons(this->dh_group);
 			message->add_notify(message, FALSE, INVALID_KE_PAYLOAD,
 								chunk_from_thing(group));
-			handle_child_sa_failure(this, message);
 			return SUCCESS;
 		}
 		case FAILED: