]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
pubkey-authenticator: Don't use the certificate ID to build auth octets when cert_id_... cert-id-binding-option
authorMartin Willi <martin@revosec.ch>
Fri, 18 Jan 2013 10:52:47 +0000 (11:52 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 22 Jun 2023 12:06:16 +0000 (14:06 +0200)
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c

index df88e4ae41ec6217a7d745905defa1d7dbcb0455..40b3b36f6e93b1cfeff10a8b57082b3e4a57846b 100644 (file)
@@ -558,7 +558,7 @@ METHOD(authenticator_t, build, status_t,
                DBG1(DBG_IKE, "no private key found for '%Y'", id);
                return NOT_FOUND;
        }
-
+       id = this->ike_sa->get_my_id(this->ike_sa);
        if (this->ike_sa->supports_extension(this->ike_sa, EXT_SIGNATURE_AUTH))
        {
                status = sign_signature_auth(this, auth, private, id, message);
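Review bot: `id` now carries two different identities in build(): the value used for the private key lookup (still printed by the `no private key found for '%Y'` message) and, from the added line on, the local IKE identity passed to sign_signature_auth(). The same reuse appears in the process() hunk, where `id` is the peer's IKE identity for get_auth_octets_scheme() and is then overwritten with get_cert_id(). A comment above the assignment would make the intent auditable, e.g. `/* the AUTH octets cover the identity from our ID payload, not the ID used for the key lookup */`, and restoring the blank line the commit removed would keep the lookup and signing steps visually separate. A second local for the lookup ID would avoid the overwrite altogether, but the first assignment of `id` lies outside the hunk, so that is something to check rather than a confirmed fix.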
@@ -659,11 +659,12 @@ METHOD(authenticator_t, process, status_t,
                        signature_params_destroy(params);
                        return INVALID_ARG;
        }
-       id = get_cert_id(this->ike_sa, FALSE);
+       id = this->ike_sa->get_other_id(this->ike_sa);
        if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, &params))
        {
                return FAILED;
        }
+       id = get_cert_id(this->ike_sa, FALSE);
        auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
        online = !this->ike_sa->has_condition(this->ike_sa,
                                                                                  COND_ONLINE_VALIDATION_SUSPENDED);
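Review bot: After the added `id = get_cert_id(this->ike_sa, FALSE);` the identity the signature was computed over (get_other_id()) and the identity used from here on can differ, and nothing in this hunk ties the two together. If get_cert_id() can return something other than the peer's IKE identity, the code that follows presumably has to accept only a certificate that policy also authorises for that IKE identity; otherwise the peer's asserted ID is not bound to the key that verified it. That code lies outside the hunk and could not be checked here. I would document the expectation at the reassignment, e.g. `/* key lookup uses the certificate ID; the IKE ID was already covered by the octets above */`, and add a test with a peer whose certificate does not match its IKE identity.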