From: Martin Willi Date: Wed, 14 Dec 2011 09:56:23 +0000 (+0100) Subject: Send certificates and requests when using Hybrid authentication X-Git-Tag: 5.0.0~338^2~9^2~215 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7b25135ecfac553deb384a8f90bdbc80c8db67bb;p=thirdparty%2Fstrongswan.git Send certificates and requests when using Hybrid authentication
---
diff --git a/src/libcharon/sa/tasks/ike_cert_post_v1.c b/src/libcharon/sa/tasks/ike_cert_post_v1.c
index 517f8c1bf4..2c1c8750f7 100755
--- a/src/libcharon/sa/tasks/ike_cert_post_v1.c
+++ b/src/libcharon/sa/tasks/ike_cert_post_v1.c
@@ -77,6 +77,8 @@ static bool use_certs(private_ike_cert_post_v1_t *this, message_t *message)
 case AUTH_RSA:
 case AUTH_XAUTH_INIT_RSA:
 case AUTH_XAUTH_RESP_RSA:
+ case AUTH_HYBRID_INIT_RSA:
+ case AUTH_HYBRID_RESP_RSA:
 use = TRUE;
 break;
 default:
diff --git a/src/libcharon/sa/tasks/ike_cert_pre_v1.c b/src/libcharon/sa/tasks/ike_cert_pre_v1.c
index fab8d5bb37..0220650b20 100755
--- a/src/libcharon/sa/tasks/ike_cert_pre_v1.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre_v1.c
@@ -45,6 +45,11 @@ struct private_ike_cert_pre_v1_t {
 */
 bool initiator;
+ /**
+ * Send certificate requests?
+ */
+ bool send_req;
+
 /** next message we expect */
 enum {
 CR_SA,
@@ -304,6 +309,13 @@ static bool use_certs(private_ike_cert_pre_v1_t *this, message_t *message)
 switch (sa_payload->get_auth_method(sa_payload))
 {
+ case AUTH_HYBRID_INIT_RSA:
+ case AUTH_HYBRID_RESP_RSA:
+ if (!this->initiator)
+ {
+ this->send_req = FALSE;
+ }
+ /* FALL */
 case AUTH_RSA:
 case AUTH_XAUTH_INIT_RSA:
 case AUTH_XAUTH_RESP_RSA:
@@ -401,7 +413,10 @@ METHOD(task_t, build_r, status_t,
 this->state = CR_KE;
 return NEED_MORE;
 case CR_KE:
- build_certreqs(this, message);
+ if (this->send_req)
+ {
+ build_certreqs(this, message);
+ }
 this->state = CR_AUTH;
 return NEED_MORE;
 case CR_AUTH:
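Review bot: The two labels added to use_certs() in ike_cert_post_v1.c enable certificate sending for hybrid mode regardless of role, while the ike_cert_pre_v1.c hunk in this same commit treats the same two methods as role-dependent (`if (!this->initiator)`). In hybrid authentication one peer authenticates with XAuth and normally has no certificate, so whether that peer quietly sends nothing depends on the certificate-building code, which is outside this hunk. A short comment above the labels would record the assumption, e.g. `/* hybrid: the XAuth-authenticated peer usually has no certificate to send */`. The switch and the rest of use_certs() continue outside the hunk.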
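Review bot: use_certs() in ike_cert_pre_v1.c reads as a predicate, but the new hybrid branch clears `this->send_req` as a side effect, and the CR_KE case of build_r later relies on that having happened for an earlier message. In the visible hunks the flag is only ever cleared, and it is cleared for any responder under both `AUTH_HYBRID_INIT_RSA` and `AUTH_HYBRID_RESP_RSA`; if the Init/Resp suffix selects which peer is XAuth-authenticated, the second label may need the opposite role test, so this should be confirmed. I would document the coupling at the assignment, e.g. `/* hybrid: peer authenticates with XAuth, request no certificate; read in build_r CR_KE */`, and extend the field comment `Send certificate requests?` to say which code clears it. Both functions continue outside their hunks.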
@@ -502,6 +517,7 @@ ike_cert_pre_v1_t *ike_cert_pre_v1_create(ike_sa_t *ike_sa, bool initiator)
 .ike_sa = ike_sa,
 .initiator = initiator,
 .state = CR_SA,
+ .send_req = TRUE,
 );
 if (initiator)
 {