ike: Don't rekey IKE_SA while reauthenticating

If we are using make-before-break reauthentication, this could lead to
duplicates as the new IKE_SA wouldn't be able to delete the previous
one if it was replaced by a rekeying.

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 407917637c15767c50213f8f7c70605aa51da42b..2ce5987773fbe945e6b86066a99f45416ca14ae1 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1928,7 +1928,8 @@ METHOD(ike_sa_t, delete_, status_t,
 METHOD(ike_sa_t, rekey, status_t,
        private_ike_sa_t *this)
 {
-       if (this->state == IKE_PASSIVE)
+       if (this->state == IKE_PASSIVE ||
+               has_condition(this, COND_REAUTHENTICATING))
        {
                return INVALID_STATE;
        }