Don't send DELETE notify if IKE SA is replaced because of

'enforcesingleikesa'. Fixes an interop problem with strongswan if make-before-break is enabled. ok patrick@
author: tobhe <tobhe@openbsd.org> 2021-03-23 21:31:29 +0000
committer: tobhe <tobhe@openbsd.org> 2021-03-23 21:31:29 +0000
commit: 402eaff54e7845e7cf82f69ab69bdc5221b0b1c2 (patch)
tree: 98c65a257786bb03db3d46fbccf94368471ecbf3 /sbin
parent: OCSP_basic_verify() doesn't set errno, so use tls_set_errorx() (diff)
download: wireguard-openbsd-402eaff54e7845e7cf82f69ab69bdc5221b0b1c2.tar.xz
wireguard-openbsd-402eaff54e7845e7cf82f69ab69bdc5221b0b1c2.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 819e9d5be24..fd917367799 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.318 2021/03/15 22:29:17 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.319 2021/03/23 21:31:29 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -3409,7 +3409,7 @@ ikev2_record_dstid(struct iked *env, struct iked_sa *sa)
 			if (osa->sa_state == IKEV2_STATE_ESTABLISHED)
 				ikev2_disable_timer(env, osa);
 			ikev2_ike_sa_setreason(osa, "sa replaced");
-			ikev2_ikesa_delete(env, osa, 1);
+			ikev2_ikesa_delete(env, osa, 0);
 			timer_add(env, &osa->sa_timer,
 			    3 * IKED_RETRANSMIT_TIMEOUT);
 		}
author	tobhe <tobhe@openbsd.org>	2021-03-23 21:31:29 +0000
committer	tobhe <tobhe@openbsd.org>	2021-03-23 21:31:29 +0000
commit	402eaff54e7845e7cf82f69ab69bdc5221b0b1c2 (patch)
tree	98c65a257786bb03db3d46fbccf94368471ecbf3 /sbin
parent	OCSP_basic_verify() doesn't set errno, so use tls_set_errorx() (diff)
download	wireguard-openbsd-402eaff54e7845e7cf82f69ab69bdc5221b0b1c2.tar.xz wireguard-openbsd-402eaff54e7845e7cf82f69ab69bdc5221b0b1c2.zip