ikev2: Always store signature scheme in auth-cfg

As we use a different rule we can always store the scheme.

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 64cd775ad94d9eaab5af896c970df1c05e72c834..110c50973482da7b7ac26e6ecaef5a7853530b90 100644 (file)
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -55,11 +55,6 @@ struct private_pubkey_authenticator_t {
         * Reserved bytes of ID payload
         */
        char reserved[3];
-
-       /**
-        * Whether to store signature schemes on remote auth configs.
-        */
-       bool store_signature_scheme;
 };
 
 /**
@@ -425,11 +420,7 @@ METHOD(authenticator_t, process, status_t,
                        status = SUCCESS;
                        auth->merge(auth, current_auth, FALSE);
                        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
-                       if (this->store_signature_scheme)
-                       {
-                               auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
-                                                (uintptr_t)scheme);
-                       }
+                       auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
                        break;
                }
                else
@@ -502,8 +493,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
                .ike_sa = ike_sa,
                .ike_sa_init = received_init,
                .nonce = sent_nonce,
-               .store_signature_scheme = lib->settings->get_bool(lib->settings,
-                                       "%s.signature_authentication_constraints", TRUE, lib->ns),
        );
        memcpy(this->reserved, reserved, sizeof(this->reserved));