Changeset 162:79768bf7d208 in freeDiameter for freeDiameter/p_ce.c
- Timestamp:
- Jan 26, 2010, 1:23:03 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
freeDiameter/p_ce.c
r160 r162 782 782 } 783 783 784 /* Do we send ISI back? */784 /* Do we agree on ISI ? */ 785 785 if ( ! fd_cnx_getTLS(peer->p_cnxctx) ) { 786 if (peer->p_hdr.info.config.pic_flags.sec & PI_SEC_NONE) 787 isi = PI_SEC_NONE; /* Maybe we should also look at peer->p_hdr.info.runtime.pir_isi here ? */ 788 else 786 /* In case of responder, the validate callback must have set the config.pic_flags.sec value already */ 787 if (!peer->p_hdr.info.config.pic_flags.sec) { 788 /* The peer did not send the Inband-Security-Id AVP, reject */ 789 TRACE_DEBUG(INFO, "No security mechanism advertised by peer '%s', sending DIAMETER_NO_COMMON_SECURITY", peer->p_hdr.info.pi_diamid); 790 ec = "DIAMETER_NO_COMMON_SECURITY"; 791 fatal = 1; 792 goto error_abort; 793 } 794 795 /* Now, check if we agree on the value IPsec */ 796 if ((peer->p_hdr.info.config.pic_flags.sec & PI_SEC_NONE) && (peer->p_hdr.info.runtime.pir_isi & PI_SEC_NONE)) { 797 isi = PI_SEC_NONE; 798 } else if ((peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD) && (peer->p_hdr.info.runtime.pir_isi & PI_SEC_TLS_OLD)) { 789 799 isi = PI_SEC_TLS_OLD; 800 } 801 802 /* If we did not find an agreement */ 803 if (!isi) { 804 TRACE_DEBUG(INFO, "No common security mechanism with '%s', sending DIAMETER_NO_COMMON_SECURITY", peer->p_hdr.info.pi_diamid); 805 ec = "DIAMETER_NO_COMMON_SECURITY"; 806 fatal = 1; 807 goto error_abort; 808 } 790 809 } 791 810
Note: See TracChangeset
for help on using the changeset viewer.