From: Martin Willi <martin@revosec.ch>
Date: Wed, 28 Jan 2015 16:20:12 +0000 (+0100)
Subject: ikev2: Process received CGA parameters, store for authentication
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a90b0c583be1e38fcb06df6bfb28699476f9511;p=thirdparty%2Fstrongswan.git

ikev2: Process received CGA parameters, store for authentication
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index ca17494de8..2e9d706ece 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -283,6 +283,30 @@ static void process_ac(cert_payload_t *payload, auth_cfg_t *auth)
 	}
 }
 
+/**
+ * Process CGA parameters
+ */
+static void process_cga(private_ike_cert_pre_t *this,
+						cert_payload_t *payload, auth_cfg_t *auth)
+{
+	certificate_t *cert;
+
+	if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+	{
+		cert = payload->get_cert(payload);
+		if (cert)
+		{
+			DBG1(DBG_IKE, "received CGA parameters for \"%Y\"",
+				 cert->get_subject(cert));
+			auth->add(auth, AUTH_HELPER_SUBJECT_CERT, cert);
+		}
+	}
+	else
+	{
+		DBG1(DBG_ENC, "ignoring CGA parameters");
+	}
+}
+
 /**
  * Process certificate payloads
  */
@@ -325,6 +349,9 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message)
 				case ENC_X509_ATTRIBUTE:
 					process_ac(cert_payload, auth);
 					break;
+				case ENC_CGA_PARAMS:
+					process_cga(this, cert_payload, auth);
+					break;
 				case ENC_PKCS7_WRAPPED_X509:
 				case ENC_PGP:
 				case ENC_DNS_SIGNED_KEY: