Fix sending of CERTREQ/CERT payloads in aggressive mode

author Martin Willi <martin@revosec.ch>

Mon, 9 Jan 2012 16:10:48 +0000 (17:10 +0100)

committer Martin Willi <martin@revosec.ch>

Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
author Martin Willi <martin@revosec.ch>
Mon, 9 Jan 2012 16:10:48 +0000 (17:10 +0100)
committer Martin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c

index 5fbd04a..b88b9e3 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
@@ -286,9 +286,14 @@ METHOD(task_t, process_i, status_t,
                 }
                 case AGGRESSIVE:
                 {
-                       if (!use_certs(this, message))
+                       if (this->state == CR_SA)
                         {
-                               return SUCCESS;
+                               if (!use_certs(this, message))
+                               {
+                                       return SUCCESS;
+                               }
+                               this->state = CR_AUTH;
+                               return NEED_MORE;
                         }
                         return SUCCESS;
                 }
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c

index 25c4af6..8d04057 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -426,6 +426,10 @@ METHOD(task_t, build_r, status_t,
                         switch (this->state)
                         {
                                 case CR_SA:
+                                       if (this->send_req)
+                                       {
+                                               build_certreqs(this, message);
+                                       }
                                         this->state = CR_AUTH;
                                         return NEED_MORE;
                                 case CR_AUTH:
@@ -474,6 +478,7 @@ METHOD(task_t, process_i, status_t,
                         }
                         process_certreqs(this, message);
                         process_certs(this, message);
+                       this->state = CR_AUTH;
                         return SUCCESS;
                 }
                 default:
author	Martin Willi <martin@revosec.ch>
	Mon, 9 Jan 2012 16:10:48 +0000 (17:10 +0100)
committer	Martin Willi <martin@revosec.ch>
	Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c		patch \| blob \| history
src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c		patch \| blob \| history