ikev1: Ensure local IP is known as identity fallback during Main Mode
authorTobias Brunner <tobias@strongswan.org>
Mon, 8 Jun 2020 15:13:50 +0000 (17:13 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 11 Jun 2020 11:29:47 +0000 (13:29 +0200)
We usually have a local IP already via ike_sa_t::resolve_hosts() before
build_i() is called but if that's not the case, it's more likely we have
one after we processed the first response (it might also have changed).
There is a small chance we still don't have one if the socket API
doesn't provide us with the destination address of received messages,
but that seems unlikely nowadays.

src/libcharon/sa/ikev1/tasks/main_mode.c

index 9416177abc9cf11684af5c223ef4987d1186439c..c1d12046fe21a805467348ea8d34d4c1e2ffddf7 100644 (file)
@@ -250,7 +250,6 @@ METHOD(task_t, build_i, status_t,
                {
                        sa_payload_t *sa_payload;
                        linked_list_t *proposals;
-                       identification_t *id;
                        packet_t *packet;
 
                        DBG0(DBG_IKE, "initiating Main Mode IKE_SA %s[%d] to %H",
@@ -262,8 +261,6 @@ METHOD(task_t, build_i, status_t,
                        this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
                        this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
                        this->peer_cfg->get_ref(this->peer_cfg);
-                       id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-                       this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 
                        this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
                        if (this->method == AUTH_NONE)
@@ -305,8 +302,14 @@ METHOD(task_t, build_i, status_t,
                }
                case MM_SA:
                {
+                       identification_t *id;
                        uint16_t group;
 
+                       /* we might need the identity to look up a PSK when processing the
+                        * response */
+                       id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
+                       this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
+
                        if (!this->ph1->create_hasher(this->ph1))
                        {
                                return send_notify(this, NO_PROPOSAL_CHOSEN);
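Review bot: The new `id->clone(id)` on the line after `get_id()` dereferences the result unchecked; if `get_id()` can return NULL in the case the description itself raises (no configured identity and no local host known yet), this is a NULL dereference in the initiator path, so either guard it (`if (!id) { return send_notify(this, NO_PROPOSAL_CHOSEN); }` or whatever failure the task already uses) or document that `get_id()` never returns NULL. The added comment states that the identity is needed for the PSK lookup but not why it is set in MM_SA rather than MM_INIT, which is the point of the move and the thing a future maintainer is most likely to undo; suggest extending it to `/* set the identity only now: a local IP learned from the first response may be needed as fallback, and the identity may be required for the PSK lookup when processing the response */`. The enclosing `build_i` method starts and ends outside the hunk.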