Accept IKE_SA_INIT responses without CERTIFICATE_REQUESTs
authorMartin Willi <martin@revosec.ch>
Wed, 20 Apr 2011 13:04:02 +0000 (15:04 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 20 Apr 2011 13:04:02 +0000 (15:04 +0200)
src/libcharon/encoding/message.c

index dbef340..128a2c8 100644 (file)
@@ -131,7 +131,7 @@ static payload_rule_t ike_sa_init_r_rules[] = {
        {SECURITY_ASSOCIATION,                  1,      1,                                              FALSE,  FALSE},
        {KEY_EXCHANGE,                                  1,      1,                                              FALSE,  FALSE},
        {NONCE,                                                 1,      1,                                              FALSE,  FALSE},
-       {CERTIFICATE_REQUEST,                   1,      1,                                              FALSE,  FALSE},
+       {CERTIFICATE_REQUEST,                   0,      1,                                              FALSE,  FALSE},
        {VENDOR_ID,                                             0,      10,                                             FALSE,  FALSE},
 };