ikev1: Avoid modifying local auth config when detecting pubkey method
author Tobias Brunner <tobias@strongswan.org>
Thu, 17 Dec 2015 17:18:09 +0000 (18:18 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 3 Mar 2016 16:26:14 +0000 (17:26 +0100)
If it was necessary to pass the local certificates we could probably
clone the config (but we don't do that either when later looking for the
key to actually authenticate).
Passing auth adds the same subject cert to the config over and over
again (I guess we could also try to prevent that by searching for
duplicates).

src/libcharon/sa/ikev1/phase1.c

index b7047e8..c968b2a 100644 (file)
@@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth)
                id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY);
                if (id)
                {
-                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
+                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL);
                        if (private)
                        {
                                switch (private->get_type(private))
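Review bot: The new `NULL` argument in the `get_private()` call in `get_pubkey_method()` has no comment saying why `auth` is deliberately not passed, so a later reader could restore it and bring back the repeated subject cert additions the commit message describes. A one-line comment above the call would prevent that, for example `/* don't pass auth, the lookup would add the subject cert to it */`. Also worth confirming in review: with `NULL` the key is now selected by `id` and `KEY_ANY` alone, so if more than one private key matches `id`, the type returned by `private->get_type(private)` here should be checked against the key that the later authentication lookup actually picks.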