Fix sending of CERTREQ/CERT payloads in aggressive mode
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jan 2012 16:10:48 +0000 (17:10 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c

index 5fbd04a..b88b9e3 100644 (file)
@@ -286,9 +286,14 @@ METHOD(task_t, process_i, status_t,
                }
                case AGGRESSIVE:
                {
-                       if (!use_certs(this, message))
+                       if (this->state == CR_SA)
                        {
-                               return SUCCESS;
+                               if (!use_certs(this, message))
+                               {
+                                       return SUCCESS;
+                               }
+                               this->state = CR_AUTH;
+                               return NEED_MORE;
                        }
                        return SUCCESS;
                }
index 25c4af6..8d04057 100644 (file)
@@ -426,6 +426,10 @@ METHOD(task_t, build_r, status_t,
                        switch (this->state)
                        {
                                case CR_SA:
+                                       if (this->send_req)
+                                       {
+                                               build_certreqs(this, message);
+                                       }
                                        this->state = CR_AUTH;
                                        return NEED_MORE;
                                case CR_AUTH:
@@ -474,6 +478,7 @@ METHOD(task_t, process_i, status_t,
                        }
                        process_certreqs(this, message);
                        process_certs(this, message);
+                       this->state = CR_AUTH;
                        return SUCCESS;
                }
                default: