strongswan.org
Wiki/Project Management
Downloads
Gitweb
projects
/
strongswan.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
never send a CERT payload in EAP
[strongswan.git]
/
src
/
charon
/
sa
/
tasks
/
ike_cert_post.c
diff --git
a/src/charon/sa/tasks/ike_cert_post.c
b/src/charon/sa/tasks/ike_cert_post.c
index
fc0cb23
..
70e87c2
100644
(file)
--- a/
src/charon/sa/tasks/ike_cert_post.c
+++ b/
src/charon/sa/tasks/ike_cert_post.c
@@
-20,6
+20,7
@@
#include <sa/ike_sa.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
#include <sa/ike_sa.h>
#include <encoding/payloads/cert_payload.h>
#include <encoding/payloads/certreq_payload.h>
+#include <encoding/payloads/auth_payload.h>
#include <credentials/certificates/x509.h>
#include <credentials/certificates/x509.h>
@@
-101,15
+102,15
@@
static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, certifi
static void build_certs(private_ike_cert_post_t *this, message_t *message)
{
peer_cfg_t *peer_cfg;
static void build_certs(private_ike_cert_post_t *this, message_t *message)
{
peer_cfg_t *peer_cfg;
- auth_
cfg_t *auth
;
+ auth_
payload_t *payload
;
+ payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
- if (!peer_cfg ||
- (uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS) != AUTH_CLASS_PUBKEY)
- {
+ if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK)
+ { /* no CERT payload for EAP/PSK */
return;
}
return;
}
+
switch (peer_cfg->get_cert_policy(peer_cfg))
{
case CERT_NEVER_SEND:
switch (peer_cfg->get_cert_policy(peer_cfg))
{
case CERT_NEVER_SEND:
@@
-126,6
+127,9
@@
static void build_certs(private_ike_cert_post_t *this, message_t *message)
enumerator_t *enumerator;
certificate_t *cert;
auth_rule_t type;
enumerator_t *enumerator;
certificate_t *cert;
auth_rule_t type;
+ auth_cfg_t *auth;
+
+ auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
/* get subject cert first, then issuing certificates */
cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
/* get subject cert first, then issuing certificates */
cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
@@
-166,10
+170,8
@@
static void build_certs(private_ike_cert_post_t *this, message_t *message)
*/
static status_t build_i(private_ike_cert_post_t *this, message_t *message)
{
*/
static status_t build_i(private_ike_cert_post_t *this, message_t *message)
{
- if (message->get_payload(message, AUTHENTICATION))
- { /* CERT payloads are sended along AUTH payloads */
- build_certs(this, message);
- }
+ build_certs(this, message);
+
return NEED_MORE;
}
return NEED_MORE;
}
@@
-186,10
+188,8
@@
static status_t process_r(private_ike_cert_post_t *this, message_t *message)
*/
static status_t build_r(private_ike_cert_post_t *this, message_t *message)
{
*/
static status_t build_r(private_ike_cert_post_t *this, message_t *message)
{
- if (message->get_payload(message, AUTHENTICATION))
- { /* CERT payloads are sended along AUTH payloads */
- build_certs(this, message);
- }
+ build_certs(this, message);
+
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
{ /* stay alive, we might have additional rounds with certs */
return NEED_MORE;
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
{ /* stay alive, we might have additional rounds with certs */
return NEED_MORE;
projects / strongswan.git / blobdiff