ikev1: Be more verbose if a peer config would match, but is unusable for Mode
authorMartin Willi <martin@revosec.ch>
Thu, 25 Sep 2014 15:09:53 +0000 (17:09 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 25 Sep 2014 15:21:54 +0000 (17:21 +0200)
src/libcharon/sa/ikev1/phase1.c

index 114b8a3..d01a831 100644 (file)
@@ -536,6 +536,7 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
        enumerator_t *enumerator;
        peer_cfg_t *current;
        host_t *me, *other;
+       int unusable = 0;
 
        if (this->peer_cfg)
        {       /* try to find an alternative config */
@@ -571,6 +572,10 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
                                this->candidates->insert_last(this->candidates, current);
                        }
                }
+               else
+               {
+                       unusable++;
+               }
        }
        enumerator->destroy(enumerator);
 
@@ -580,6 +585,13 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
                         this->peer_cfg->get_name(this->peer_cfg));
                return this->peer_cfg->get_ref(this->peer_cfg);
        }
+       if (unusable)
+       {
+               DBG1(DBG_IKE, "found %d matching config%s, but none allows %N "
+                        "authentication using %s Mode", unusable, unusable > 1 ? "s" : "",
+                        auth_method_names, method, aggressive ? "Aggressive" : "Main");
+               return NULL;
+       }
        DBG1(DBG_IKE, "no peer config found");
        return NULL;
 }
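Review bot: The new `if (unusable)` branch and the `no peer config found` path below it both return NULL, but nothing records that the distinction is meant to stay in the local log. A short comment such as `/* log only: same NULL result as "no peer config found", so the peer cannot tell the two cases apart */` would keep a later change from turning the difference into a distinct error or notify, which would tell an unauthenticated peer that a config for its address and identity exists. What the caller sends on NULL is not visible here, so that part should be confirmed. The message also cannot say whether the authentication method or the mode was the mismatch, because the `else` added in the second hunk counts every rejected config in one counter and its `if` condition lies outside that hunk. select_config itself starts outside this hunk.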