From: Tobias Brunner Date: Thu, 9 Apr 2020 08:14:42 +0000 (+0200) Subject: ikev1: Use actual local identity as initiator or aggressive mode responder X-Git-Tag: 5.9.0dr1~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1665a4e0504f6bfbfa2ea617092cfff70c5b7049;p=thirdparty%2Fstrongswan.git ikev1: Use actual local identity as initiator or aggressive mode responder If none is configured, there is a fallback to the IP address, which is not stored on the static auth config, but is set on the IKE_SA. Fixes #3394.
---
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 18eec7a1bc..fecbd3900c 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -143,11 +143,10 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
 if (peer_cfg)
 {
 /* as initiator or aggressive responder, use identities */
- my_auth = get_auth_cfg(peer_cfg, TRUE);
 other_auth = get_auth_cfg(peer_cfg, FALSE);
- if (my_auth && other_auth)
+ if (other_auth)
 {
- my_id = my_auth->get(my_auth, AUTH_RULE_IDENTITY);
+ my_id = this->ike_sa->get_my_id(this->ike_sa);
 if (peer_cfg->use_aggressive(peer_cfg))
 {
 other_id = this->ike_sa->get_other_id(this->ike_sa);
@@ -156,10 +155,7 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
 {
 other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
 }
- if (my_id)
- {
- shared_key = find_shared_key(my_id, me, other_id, other);
- }
+ shared_key = find_shared_key(my_id, me, other_id, other);
 }
 }
 else
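Review bot: The comment kept at the top of this branch, "as initiator or aggressive responder, use identities", no longer says where the local identity comes from now that `my_id` is read from the IKE_SA instead of the auth config. A short comment above the new assignment would record the reason given in the commit message, for example `/* use the IKE_SA's identity, it includes the IP address fallback that is not stored on the auth config */`. The declaration of `my_auth` is outside the hunk, so whether it is still needed elsewhere in lookup_shared_key() cannot be checked from here.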
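Review bot: With the `if (my_id)` guard removed in the second hunk, `find_shared_key(my_id, me, other_id, other)` now runs with whatever `this->ike_sa->get_my_id(this->ike_sa)` returned, so the PSK lookup relies on the IKE_SA always holding a local identity at this point. Neither get_my_id() nor find_shared_key() is visible in the hunk, so that guarantee is inferred from the commit message only. If it holds, state it next to the call, e.g. `/* my_id is always set on the IKE_SA, at least to the IP address */`; if it does not, keep the call under `if (my_id)`. The function continues after the trailing `else`, outside the hunk.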