ikev2: Apply extensions and conditions before starting rekeying
authorMartin Willi <martin@revosec.ch>
Thu, 10 Apr 2014 08:24:34 +0000 (10:24 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 17 Apr 2014 07:24:51 +0000 (09:24 +0200)
The extensions and conditions apply to the rekeyed IKE_SA as well, so we should
migrate them. Especially when using algorithms from private space, we need
EXT_STRONGSWAN to properly select these algorithms during IKE rekeying.

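--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2028,6 +2028,12 @@ METHOD(ike_sa_t, inherit_pre, void,
        set_peer_cfg(this, other->peer_cfg);
        set_my_host(this, other->my_host->clone(other->my_host));
        set_other_host(this, other->other_host->clone(other->other_host));
+
+       /* apply extensions and conditions with a few exceptions */
+       this->extensions = other->extensions;
+       this->conditions = other->conditions;
+       this->conditions &= ~COND_STALE;
+       this->conditions &= ~COND_REAUTHENTICATING;
 }
 
 METHOD(ike_sa_t, inherit_post, void,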
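Review bot: The comment on the new assignments in inherit_pre says "a few exceptions" but not why COND_STALE and COND_REAUTHENTICATING are the two flags cleared. Because the whole bitmask is copied and only those two bits are masked out, any condition flag added later is inherited by the rekeyed IKE_SA by default, and with this change that happens before the rekey exchange has run. I would state the rule in the comment, presumably something like `/* inherit everything; clear only flags describing the old SA's own lifecycle (stale, reauthenticating) */`, so that someone adding a per-SA flag knows to mask it here. The two masks could also be written as one statement, `this->conditions &= ~(COND_STALE | COND_REAUTHENTICATING);`. The start of inherit_pre and the body of inherit_post are outside the hunk, so whether inherit_post still performs the same copy cannot be checked from here.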