ikev2: Don't adopt any CHILD_SA during make-before-break reauthentication
authorMartin Willi <martin@revosec.ch>
Wed, 4 Mar 2015 10:16:00 +0000 (11:16 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Mar 2015 10:18:42 +0000 (11:18 +0100)
commit1a31fe5580e2e78b63eab16377dd81101b53316a
treee2935773fddc5c8c02b8a7b68d4472f90b76d2b3
parent436cdae840eacabff67b299bea48ff6211576d20
ikev2: Don't adopt any CHILD_SA during make-before-break reauthentication

While the comment is rather clear that we should not adopt live CHILD_SAs
during reauthentication in IKEv2, the code does nonetheless. Add an additional
version check to fix reauthentication if the reauth responder has a replace
uniqueids policy.

Fixes #871.
src/libcharon/sa/ike_sa_manager.c