From: Martin Willi <martin@revosec.ch>
Date: Mon, 9 Jul 2012 10:05:23 +0000 (+0200)
Subject: Don't send CERTREQs when initiating aggressive mode PSK
X-Git-Tag: 5.0.1~452
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3128e7fa7c390233c5fcb40a46416a31a13a9ff3;p=thirdparty%2Fstrongswan.git

Don't send CERTREQs when initiating aggressive mode PSK
---

diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
index 8ba5a2aa7d..ea5da4ebc6 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -349,6 +349,10 @@ METHOD(task_t, build_i, status_t,
 		case AGGRESSIVE:
 			if (this->state == CR_SA)
 			{
+				if (!use_certs(this, message))
+				{
+					return SUCCESS;
+				}
 				build_certreqs(this, message);
 			}
 			return NEED_MORE;