ikev1: Fix PSK lookup for Main Mode initiators
authorTobias Brunner <tobias@strongswan.org>
Fri, 5 Jun 2020 12:07:43 +0000 (14:07 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 5 Jun 2020 12:26:30 +0000 (14:26 +0200)
We need the PSK/identity already when deriving the keys in process_i().

Fixes: 1665a4e0504f ("ikev1: Use actual local identity as initiator or aggressive mode responder")
src/libcharon/sa/ikev1/tasks/main_mode.c

index 24b2f24d17e5da200018e5fa7564b6f02f2a1276..9416177abc9cf11684af5c223ef4987d1186439c 100644 (file)
@@ -250,6 +250,7 @@ METHOD(task_t, build_i, status_t,
                {
                        sa_payload_t *sa_payload;
                        linked_list_t *proposals;
+                       identification_t *id;
                        packet_t *packet;
 
                        DBG0(DBG_IKE, "initiating Main Mode IKE_SA %s[%d] to %H",
@@ -261,6 +262,8 @@ METHOD(task_t, build_i, status_t,
                        this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
                        this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
                        this->peer_cfg->get_ref(this->peer_cfg);
+                       id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
+                       this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 
                        this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
                        if (this->method == AUTH_NONE)
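Review bot: The added `this->ike_sa->set_my_id(this->ike_sa, id->clone(id));` dereferences the result of `get_id()` without a check, and it now runs at the start of initiation rather than only when the ID payload is built. The implementation of `get_id()` is not visible here; if it can return NULL (for instance when no local identity is configured and none can be derived), the initiator would crash on a configuration problem instead of failing the exchange cleanly. A guard before `set_my_id()` would cover that, e.g. `if (!id) { DBG1(DBG_IKE, "no local identity available"); return FAILED; }`. A comment such as `/* set our ID early, the PSK lookup in process_i() depends on it */` would also record why the identity is fixed at this point. The body of build_i starts and ends outside this hunk.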
@@ -331,8 +334,7 @@ METHOD(task_t, build_i, status_t,
                        id_payload_t *id_payload;
                        identification_t *id;
 
-                       id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-                       this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
+                       id = this->ike_sa->get_my_id(this->ike_sa);
                        id_payload = id_payload_create_from_identification(PLV1_ID, id);
                        message->add_payload(message, &id_payload->payload_interface);