ikev1: Pass current auth-cfg when looking for key to determine auth method
author Tobias Brunner <tobias@strongswan.org>
Wed, 19 Aug 2015 15:25:30 +0000 (17:25 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 19 Aug 2015 15:39:01 +0000 (17:39 +0200)
If multiple certificates use the same subjects we might choose the wrong
one otherwise. This way we use the one referenced with leftcert and
stored in the auth-cfg and we actually do the same thing later in the
pubkey authenticator.

Fixes #1077.

src/libcharon/sa/ikev1/phase1.c

index c968b2a..b7047e8 100644 (file)
@@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth)
                id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY);
                if (id)
                {
-                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL);
+                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
                        if (private)
                        {
                                switch (private->get_type(private))
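
Review bot: The reason for passing auth instead of NULL as the last argument of lib->credmgr->get_private() in get_pubkey_method() is recorded only in the commit message, so the call should carry a short comment. Something like "pass the auth-cfg so the key belonging to the configured certificate is selected when several certificates share a subject, as the pubkey authenticator does later" would do. The auth method is derived from private->get_type(private) on the very next lines, so if a later cleanup reverts the argument to NULL, the method chosen here can again differ from the key used for authentication. A regression test with two certificates sharing one subject but using different key types would also guard this.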