ikev1: Avoid modifying local auth config when detecting pubkey method

If it was necessary to pass the local certificates we could probably
clone the config (but we don't do that either when later looking for the
key to actually authenticate).
Passing auth adds the same subject cert to the config over and over
again (I guess we could also try to prevent that by searching for
duplicates).

diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index b7047e8fc49ce423354ff3aa79cf288a620b6938..c968b2a9c29b39223b6dfbd05d93006b22e52fde 100644 (file)
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth)
                id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY);
                if (id)
                {
-                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
+                       private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL);
                        if (private)
                        {
                                switch (private->get_type(private))