Invoke ike_updown hook on authentication failure not before response sent
authorMartin Willi <martin@revosec.ch>
Wed, 29 Feb 2012 09:10:45 +0000 (10:10 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 5 Mar 2012 17:08:04 +0000 (18:08 +0100)
src/libcharon/sa/task_manager.c

index 7cdcf70..77d36f9 100644 (file)
@@ -641,11 +641,9 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
                                                                                                   enumerator);
                                }
                                break;
+                       case DESTROY_ME:
                        case FAILED:
                        default:
-                               charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
-                               /* FALL */
-                       case DESTROY_ME:
                                /* destroy IKE_SA, but SEND response first */
                                delete = TRUE;
                                break;
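Review bot: Moving `case DESTROY_ME:` above `FAILED`/`default` means every task result of DESTROY_ME now sets `delete` and, together with the second hunk, raises `ike_updown(..., FALSE)`; before this commit that label sat below the hook call and skipped it. The commit title only mentions authentication failure, so it is worth confirming that no task returning DESTROY_ME already raises the down event itself, otherwise bus listeners could see it twice for the same IKE_SA. If the wider scope is intended, a comment on the label would record it, e.g. `/* DESTROY_ME also raises ike_updown once the response is out */`. If it is not, a separate flag set only under `FAILED`/`default` and tested next to `delete` would keep the old scope. The switch begins outside the hunk.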
@@ -680,6 +678,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
                                                 this->responding.packet->clone(this->responding.packet));
        if (delete)
        {
+               charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
                return DESTROY_ME;
        }
        return SUCCESS;
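Review bot: The hook call added inside `if (delete)` has no comment saying why it sits after the response is handed off, and that ordering is the whole point of the commit. A line such as `/* raise the down event only after the response is handed off; the caller destroys the IKE_SA on DESTROY_ME */` above the call would stop a later cleanup from moving it back into the switch. The lines between the two hunks are not shown. If any of them returns early once `delete` is set (for example when generating the response fails), that path no longer reaches the hook and should raise it as well. build_response starts outside the hunk.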