From: Adrian-Ken Rueegsegger
Date: Wed, 7 Nov 2012 16:55:47 +0000 (+0100)
Subject: Authenticate ISA using certificates
X-Git-Tag: 5.0.3rc1~39^2~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=832488b14a43bdb31bc83053b81d72286c2739be;p=thirdparty%2Fstrongswan.git

Authenticate ISA using certificates

The authentication of the ISA is now done using the certificate provided by the peer.
---
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 5820990f48..cab9b4e05c 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -202,9 +202,19 @@ METHOD(listener_t, authorize, bool,
 *success = FALSE;
 }
 
+ const chunk_t * const other_init_msg = keymat->get_peer_init_msg(keymat);
+ if (!other_init_msg->ptr)
+ {
+ DBG1(DBG_IKE, "no peer init message available");
+ *success = FALSE;
+ }
+
 signature_type signature;
 chunk_to_sequence(auth, &signature, sizeof(signature_type));
- if (ike_isa_auth_psk(isa_id, signature) != TKM_OK)
+ init_message_type init_msg;
+ chunk_to_sequence(other_init_msg, &init_msg, sizeof(init_message_type));
+
+ if (ike_isa_auth(isa_id, cc_id, init_msg, signature) != TKM_OK)
 {
 DBG1(DBG_IKE, "TKM based authentication failed"
 " for ISA context %llu", isa_id);
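Review bot: The new `if (!other_init_msg->ptr)` branch logs and sets `*success = FALSE` but does not leave the function, so a missing peer init message is still handed to `chunk_to_sequence(other_init_msg, &init_msg, sizeof(init_message_type))` and then to `ike_isa_auth()`. How `chunk_to_sequence` treats a NULL `ptr` is not visible here, and if a branch outside the hunk sets `*success = TRUE` after a `TKM_OK` result, the earlier failure would be overwritten on an authentication path. I would end the branch with an early exit, i.e. `*success = FALSE;` followed by `return TRUE;` (assuming TRUE is what this hook returns on its other paths), and check whether the existing branch just above the hunk, which appears to have the same shape, needs the same. The body of `authorize` starts and ends outside the hunk, so the final assignment to `*success` should be confirmed there.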