child-create: Disable optimized rekeying for CHILD_SA created during IKE_AUTH

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 9baa639f22fd3b1a1644da7b7cccbf0b166fb679..d8514c4463e255433b8bbf4562a95b86dabce513 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1507,6 +1507,8 @@ METHOD(task_t, build_i, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                                                                         this->ike_sa->get_other_host(this->ike_sa),
                                                                         this->config, &this->child);
+       /* disable optimized rekeying for the CHILD_SA created during IKE_AUTH */
+       this->child_sa->set_optimized_rekey(this->child_sa, !no_ke);
 
        /* check this after creating the object so that its destruction is detected
         * by controller and trap manager */
@@ -2097,6 +2099,8 @@ METHOD(task_t, build_r, status_t,
        this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa),
                                                                         this->ike_sa->get_other_host(this->ike_sa),
                                                                         this->config, &this->child);
+       /* disable optimized rekeying for the CHILD_SA created during IKE_AUTH */
+       this->child_sa->set_optimized_rekey(this->child_sa, !ike_auth);
 
        this->other_spi = this->proposal->get_spi(this->proposal);
        if (!allocate_spi(this))