ikev2: Apply extensions and conditions before starting rekeying

The extensions and conditions apply to the rekeyed IKE_SA as well, so we should
migrate them. Especially when using algorithms from private space, we need
EXT_STRONGSWAN to properly select these algorithms during IKE rekeying.

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 4b4c1ceb9046e9423aad3f060b9f409b8a4d15a4..7b38e0268c764c5c0995290123fe910d816b2214 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2028,6 +2028,12 @@ METHOD(ike_sa_t, inherit_pre, void,
        set_peer_cfg(this, other->peer_cfg);
        set_my_host(this, other->my_host->clone(other->my_host));
        set_other_host(this, other->other_host->clone(other->other_host));
+
+       /* apply extensions and conditions with a few exceptions */
+       this->extensions = other->extensions;
+       this->conditions = other->conditions;
+       this->conditions &= ~COND_STALE;
+       this->conditions &= ~COND_REAUTHENTICATING;
 }
 
 METHOD(ike_sa_t, inherit_post, void,