Don't trigger reauthentication if initiator authenticated using XAuth
authorMartin Willi <martin@revosec.ch>
Tue, 3 Jan 2012 10:28:45 +0000 (11:28 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:32 +0000 (17:31 +0100)
src/libcharon/sa/ike_sa.c

index e5b2f8f..c7a8a97 100644 (file)
@@ -1326,6 +1326,7 @@ METHOD(ike_sa_t, reauth, status_t,
        {
                DBG1(DBG_IKE, "initiator did not reauthenticate as requested");
                if (this->other_virtual_ip != NULL ||
+                       has_condition(this, COND_XAUTH_AUTHENTICATED) ||
                        has_condition(this, COND_EAP_AUTHENTICATED)
 #ifdef ME
                        /* as mediation server we too cannot reauth the IKE_SA */
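Review bot: The added `has_condition(this, COND_XAUTH_AUTHENTICATED)` test in the `if` has no comment explaining why an XAuth-authenticated initiator rules out reauthentication from this side, whereas the mediation case just below it has one. I would add a line above it such as `/* initiator authenticated with XAuth, we cannot redo that from our side */`; that rationale is inferred from the commit title, so the wording should be confirmed. The body of this `if` and the rest of `reauth` lie outside the hunk, so what happens once reauthentication is skipped is not visible here. It is worth confirming that the IKE_SA still expires at its hard lifetime in this case rather than staying up indefinitely on the original authentication.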