chiark / gitweb /
~mdw / tripe / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow different peer associations to use different private keys.
[tripe] / server / keyexch.c
diff --git a/server/keyexch.c b/server/keyexch.c
index 1527a297f8e1fcc4ad71b3cbe3e913b2d661b594..50a85f6f95c72fc1a868bacdbfea795a81a1ee09 100644 (file)
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -1383,11 +1383,11 @@ newkeys:
 
 int kx_init(keyexch *kx, peer *p, keyset **ks, unsigned f)
 {
-  if ((kx->kpriv = km_findpriv(tag_priv)) == 0) goto fail_0;
+  if ((kx->kpriv = km_findpriv(p_privtag(p))) == 0) goto fail_0;
   if ((kx->kpub = km_findpub(p_tag(p))) == 0) goto fail_1;
-  if (!km_samealgsp(kx->kpriv, kx->kpub)) {
-    a_warn("KX", "?PEER", kx->p, "algorithms-mismatch",
-          "local-private-key", "%s", tag_priv,
+  if (!group_samep(kx->kpriv->g, kx->kpub->g)) {
+    a_warn("KX", "?PEER", kx->p, "group-mismatch",
+          "local-private-key", "%s", p_privtag(p),
           "peer-public-key", "%s", p_tag(p),
           A_END);
     goto fail_2;
Trivial IP Encryption: a simple VPN