Use received identity to look up PSK as aggressive responder

author Martin Willi <martin@revosec.ch>

Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)

committer Martin Willi <martin@revosec.ch>

Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)
author Martin Willi <martin@revosec.ch>
Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c

index 709bc6c..20abd0a 100644 (file)
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -131,13 +131,20 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
         }
  
         if (peer_cfg)
-       {       /* as initiator, use identities from configuraiton */
+       {       /* as initiator or aggressive responder, use identities */
                 my_auth = get_auth_cfg(peer_cfg, TRUE);
                 other_auth = get_auth_cfg(peer_cfg, FALSE);
                 if (my_auth && other_auth)
                 {
                         my_id = my_auth->get(my_auth, AUTH_RULE_IDENTITY);
-                       other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
+                       if (peer_cfg->use_aggressive(peer_cfg))
+                       {
+                               other_id = this->ike_sa->get_other_id(this->ike_sa);
+                       }
+                       else
+                       {
+                               other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
+                       }
                         if (my_id && other_id)
                         {
                                 shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
author	Martin Willi <martin@revosec.ch>
	Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)
committer	Martin Willi <martin@revosec.ch>
	Wed, 23 May 2012 10:18:45 +0000 (12:18 +0200)