From: Martin Willi <martin@revosec.ch>
Date: Thu, 10 Apr 2014 08:24:34 +0000 (+0200)
Subject: ikev2: Apply extensions and conditions before starting rekeying
X-Git-Tag: 5.2.0dr2~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=094963d1b160;p=thirdparty%2Fstrongswan.git

ikev2: Apply extensions and conditions before starting rekeying

The extensions and conditions apply to the rekeyed IKE_SA as well, so we should
migrate them. Especially when using algorithms from private space, we need
EXT_STRONGSWAN to properly select these algorithms during IKE rekeying.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 4b4c1ceb90..7b38e0268c 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2028,6 +2028,12 @@ METHOD(ike_sa_t, inherit_pre, void,
 	set_peer_cfg(this, other->peer_cfg);
 	set_my_host(this, other->my_host->clone(other->my_host));
 	set_other_host(this, other->other_host->clone(other->other_host));
+
+	/* apply extensions and conditions with a few exceptions */
+	this->extensions = other->extensions;
+	this->conditions = other->conditions;
+	this->conditions &= ~COND_STALE;
+	this->conditions &= ~COND_REAUTHENTICATING;
 }
 
 METHOD(ike_sa_t, inherit_post, void,