Don't send CERTREQs when initiating aggressive mode PSK
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jul 2012 10:05:23 +0000 (12:05 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 9 Jul 2012 10:05:23 +0000 (12:05 +0200)
src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c

index 8ba5a2a..ea5da4e 100644 (file)
@@ -349,6 +349,10 @@ METHOD(task_t, build_i, status_t,
                case AGGRESSIVE:
                        if (this->state == CR_SA)
                        {
+                               if (!use_certs(this, message))
+                               {
+                                       return SUCCESS;
+                               }
                                build_certreqs(this, message);
                        }
                        return NEED_MORE;