CVSROOT: /cvs Module name: src Changes by: to...@cvs.openbsd.org 2021/03/15 16:29:17
Modified files:
sbin/iked : ikev2.c
Log message:
Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group
'none' (disabling PFS). Fixes a bug when the initiator sends a KE
payload but the negotiation results in DH group "none".
For other DH group mismatches we send an INVALID_KE notify, for 'none'
we can just ignore the KE payload.
ok patrick@
