ikev1: Pass current auth-cfg when looking for key to determine auth method

If multiple certificates use the same subjects we might choose the wrong
one otherwise. This way we use the one referenced with leftcert and
stored in the auth-cfg and we actually do the same thing later in the
pubkey authenticator.

Fixes #1077.

diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index c968b2a9c29b39223b6dfbd05d93006b22e52fde..b7047e8fc49ce423354ff3aa79cf288a620b6938 100644 (file)
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth)
                id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY);
                if (id)
                {
-                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL);
+                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
                        if (private)
                        {
                                switch (private->get_type(private))