From e44f4d7eefc1cfa2973bacfac2b9ea8190a275f5 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Sat, 28 Oct 2006 15:37:23 +0000
Subject: [PATCH] send a certreq as initiator if other_ca is set
---
 src/charon/sa/transactions/ike_auth.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/charon/sa/transactions/ike_auth.c b/src/charon/sa/transactions/ike_auth.c
index 1bb2534..82e75fa 100644
--- a/src/charon/sa/transactions/ike_auth.c
+++ b/src/charon/sa/transactions/ike_auth.c
@@ -221,8 +221,25 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
 request->add_payload(request, (payload_t*)my_id_payload);
 }
- { /* TODO: build certreq payload */
-
+ /* build certificate request payload */
+ if (this->connection->get_certreq_policy(this->connection) != CERT_NEVER_SEND)
+ {
+ certreq_payload_t *certreq_payload;
+
+ identification_t *other_ca = this->policy->get_other_ca(this->policy);
+
+ if (other_ca->get_type(other_ca) == ID_ANY)
+ {
+
+ }
+ else
+ {
+ x509_t *cacert = charon->credentials->get_ca_certificate(charon->credentials, other_ca);
+
+ DBG2(DBG_IKE, "certreq with ca: '%D'", other_ca);
+ certreq_payload = certreq_payload_create_from_x509(cacert);
+ request->add_payload(request, (payload_t*)certreq_payload);
+ }
 }
 /* build certificate payload. TODO: Handle certreq from init_ike_sa. */
-- 
2.7.4
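Review bot: In the `else` branch the result of `get_ca_certificate()` goes straight into `certreq_payload_create_from_x509(cacert)` with no NULL check; if the configured `other_ca` has no matching certificate in the credential store (the lookup's failure return is not visible here, presumably NULL), the daemon would likely dereference a null pointer while building the IKE_AUTH request. Guard the lookup with `if (cacert == NULL) { DBG1(DBG_IKE, "no ca certificate found for '%D', certreq omitted", other_ca); }` and build and add the payload only in the other arm. The `ID_ANY` branch is empty, so with a policy other than `CERT_NEVER_SEND` and no `other_ca` configured no certreq is sent at all; a comment such as `/* TODO: send certreqs for all trusted CAs when no other_ca is configured */` would make that gap explicit. The body of get_request starts and ends outside the hunk.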