Send certificates and requests when using Hybrid authentication

author Martin Willi <martin@revosec.ch>

Wed, 14 Dec 2011 09:56:23 +0000 (10:56 +0100)

committer Martin Willi <martin@revosec.ch>

Tue, 20 Mar 2012 16:31:21 +0000 (17:31 +0100)
author Martin Willi <martin@revosec.ch>
Wed, 14 Dec 2011 09:56:23 +0000 (10:56 +0100)
committer Martin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:21 +0000 (17:31 +0100)
diff --git a/src/libcharon/sa/tasks/ike_cert_post_v1.c b/src/libcharon/sa/tasks/ike_cert_post_v1.c

index 517f8c1bf4fc8a0359f9b000da229c6433e76084..2c1c8750f78af23a72134cb8512251396a8cdf0c 100755 (executable)
--- a/src/libcharon/sa/tasks/ike_cert_post_v1.c
+++ b/src/libcharon/sa/tasks/ike_cert_post_v1.c
@@ -77,6 +77,8 @@ static bool use_certs(private_ike_cert_post_v1_t *this, message_t *message)
                                 case AUTH_RSA:
                                 case AUTH_XAUTH_INIT_RSA:
                                 case AUTH_XAUTH_RESP_RSA:
+                               case AUTH_HYBRID_INIT_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
                                         use = TRUE;
                                         break;
                                 default:
diff --git a/src/libcharon/sa/tasks/ike_cert_pre_v1.c b/src/libcharon/sa/tasks/ike_cert_pre_v1.c

index fab8d5bb3789d928e7b5de6ec8ef7785acb5daed..0220650b203ddc61b77019f5221593b4538e7e38 100755 (executable)
--- a/src/libcharon/sa/tasks/ike_cert_pre_v1.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre_v1.c
@@ -45,6 +45,11 @@ struct private_ike_cert_pre_v1_t {
          */
         bool initiator;
  
+       /**
+        * Send certificate requests?
+        */
+       bool send_req;
+
         /** next message we expect */
         enum {
                 CR_SA,
@@ -304,6 +309,13 @@ static bool use_certs(private_ike_cert_pre_v1_t *this, message_t *message)
  
                         switch (sa_payload->get_auth_method(sa_payload))
                         {
+                               case AUTH_HYBRID_INIT_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
+                                       if (!this->initiator)
+                                       {
+                                               this->send_req = FALSE;
+                                       }
+                                       /* FALL */
                                 case AUTH_RSA:
                                 case AUTH_XAUTH_INIT_RSA:
                                 case AUTH_XAUTH_RESP_RSA:
@@ -401,7 +413,10 @@ METHOD(task_t, build_r, status_t,
                                         this->state = CR_KE;
                                         return NEED_MORE;
                                 case CR_KE:
-                                       build_certreqs(this, message);
+                                       if (this->send_req)
+                                       {
+                                               build_certreqs(this, message);
+                                       }
                                         this->state = CR_AUTH;
                                         return NEED_MORE;
                                 case CR_AUTH:
@@ -502,6 +517,7 @@ ike_cert_pre_v1_t *ike_cert_pre_v1_create(ike_sa_t *ike_sa, bool initiator)
                 .ike_sa = ike_sa,
                 .initiator = initiator,
                 .state = CR_SA,
+               .send_req = TRUE,
         );
         if (initiator)
         {
author	Martin Willi <martin@revosec.ch>
	Wed, 14 Dec 2011 09:56:23 +0000 (10:56 +0100)
committer	Martin Willi <martin@revosec.ch>
	Tue, 20 Mar 2012 16:31:21 +0000 (17:31 +0100)
src/libcharon/sa/tasks/ike_cert_post_v1.c		patch \| blob \| blame \| history
src/libcharon/sa/tasks/ike_cert_pre_v1.c		patch \| blob \| blame \| history