Fixed rekey protocol with PFS, which was broken.

diff --git a/CHANGES b/CHANGES
index 7611885ccbe17f72fa3a9bfe78d30e6cddc473ee..a372c867d8a1931f72ef48d5f9f2c7fe6ce51119 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,9 @@ Wed Apr  3 09:57:47 CEST 2002  Pekka Riikonen <priikone@silcnet.org>
        * Do not check public key types in SKE during rekey.  Affected
          file lib/silcske/payload.c.
 
+       * Fixed the rekey protocol with PFS, which was totally broken.
+         Affected file silcd/protocol.c.
+
 Tue Apr  2 14:55:06 CEST 2002  Pekka Riikonen <priikone@silcnet.org>
 
        * Some client implementations quit network by doing first LEAVE

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index ed22ce15ef14cbc044a7745545d444457eacc8f9..65fafeeae26e53ab27c5f39f2231a9f7e39a4eaa 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -1559,7 +1559,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
 
     /* We received the REKEY_DONE packet and all packets after this is
        encrypted with the new key so set the decryption key to the new key */
-    silc_server_protocol_rekey_generate(server, ctx, FALSE);
+    if (ctx->pfs == TRUE)
+      silc_server_protocol_rekey_generate_pfs(server, ctx, FALSE);
+    else
+      silc_server_protocol_rekey_generate(server, ctx, FALSE);
 
     /* Assure that after calling final callback there cannot be pending
        executions for this protocol anymore. This just unregisters any