ikev1: Store fallback identity (IP address) on IKE_SA's auth-cfg
authorTobias Brunner <tobias@strongswan.org>
Tue, 7 Apr 2020 14:59:28 +0000 (16:59 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 7 May 2020 13:05:55 +0000 (15:05 +0200)
The other auth-cfg object is shared via peer-cfg, so we must not
modify it.  It's only stored to simplify memory management.

Fixes #3394.

src/libcharon/sa/ikev1/phase1.c

index f3c053d..18eec7a 100644 (file)
@@ -629,6 +629,7 @@ METHOD(phase1_t, get_id, identification_t*,
                        if (!me->is_anyaddr(me))
                        {
                                id = identification_create_from_sockaddr(me->get_sockaddr(me));
+                               auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
                                auth->add(auth, AUTH_RULE_IDENTITY, id);
                        }
                }