/*
* Update/check the PFS.
*
* For the responder, go with what ever was negotiated. For
* the initiator, check what was negotiated against what was
* sent.
*/
const struct oakley_group_desc *accepted_dh =
proto_info->attrs.transattrs.ta_dh;
switch (st->st_sa_role) {
case SA_INITIATOR:
pexpect(expect_accepted);
if (accepted_dh != NULL && accepted_dh != st->st_pfs_group) {
loglog(RC_LOG_SERIOUS,
"expecting %s but remote's accepted proposal
includes %s",
st->st_pfs_group == NULL ? "no DH" :
st->st_pfs_group->common.fqn,
accepted_dh == NULL ? "no DH" :
accepted_dh->common.fqn);
return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;
}
st->st_pfs_group = accepted_dh;
break;
Coverity noticed that
accepted_dh == NULL ? "no DH" :
accepted_dh->common.fqn);
was silly, because at that point we know that accepted_dh is not NULL (the enclosing if has already checked it).
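I'm wondering whether the test is correct. Should it be || instead of &&?
It's not clear to me. As written, a NULL accepted_dh skips the check, and the
assignment after it then sets st->st_pfs_group to NULL. So an initiator that
proposed a PFS group takes an accepted proposal with no DH through this code
without logging or failing. Whether that is intended is what I can't tell.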