While the comment is rather clear that we should not adopt live CHILD_SAs
during reauthentication in IKEv2, the code does nonetheless. Add an additional
version check to fix reauthentication if the reauth responder has a replace
uniqueids policy.
Fixes #871.
if (host->equals(host, duplicate->get_other_host(duplicate)))
{
/* looks like a reauthentication attempt */
- if (!new->has_condition(new, COND_INIT_CONTACT_SEEN))
+ if (!new->has_condition(new, COND_INIT_CONTACT_SEEN) &&
+ new->get_version(new) == IKEV1)
{
/* IKEv1 implicitly takes over children, IKEv2 recreates them
* explicitly. */
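Review bot: The `/* looks like a reauthentication attempt */` comment above the changed condition no longer matches it, since with the added `new->get_version(new) == IKEV1` test the branch is taken only for IKEv1. The code that an IKEv2 SA without COND_INIT_CONTACT_SEEN now falls through to is outside this hunk, so the diff alone does not show what happens to the duplicate in that case. Please extend the comment to say that adoption is IKEv1-only and name the path IKEv2 reauthentication takes instead. A regression test for the scenario in the commit message (IKEv2 reauthentication against a responder with a replace uniqueids policy) would also keep the version check from being dropped later.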