Fixed rekey protocol with PFS, which was broken.

[silc.git] / apps / silcd / protocol.c

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index 9e218217b4fdb5ddba43cc1e6df943fa6f3a9b5e..65fafeeae26e53ab27c5f39f2231a9f7e39a4eaa 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -310,11 +310,12 @@ int silc_server_protocol_ke_set_keys(SilcServer server,
 
   sock->user_data = (void *)conn_data;
 
-  SILC_LOG_INFO(("%s (%s) security properties: %s %s %s", 
+  SILC_LOG_INFO(("%s (%s) security properties: %s %s %s %s", 
                 sock->hostname, sock->ip,
                 idata->send_key->cipher->name,
                 (char *)silc_hmac_get_name(idata->hmac_send),
-                idata->hash->hash->name));
+                idata->hash->hash->name, 
+                ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
 
   return TRUE;
 }
@@ -1558,7 +1559,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
 
     /* We received the REKEY_DONE packet and all packets after this is
        encrypted with the new key so set the decryption key to the new key */
-    silc_server_protocol_rekey_generate(server, ctx, FALSE);
+    if (ctx->pfs == TRUE)
+      silc_server_protocol_rekey_generate_pfs(server, ctx, FALSE);
+    else
+      silc_server_protocol_rekey_generate(server, ctx, FALSE);
 
     /* Assure that after calling final callback there cannot be pending
        executions for this protocol anymore. This just unregisters any