From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 17 Dec 2015 17:18:09 +0000 (+0100)
Subject: ikev1: Avoid modifying local auth config when detecting pubkey method
X-Git-Tag: 5.4.0dr8~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=904f93f65562fef83c945348e02fa24600a510ec;p=thirdparty%2Fstrongswan.git

ikev1: Avoid modifying local auth config when detecting pubkey method

If it was necessary to pass the local certificates we could probably
clone the config (but we don't do that either when later looking for the
key to actually authenticate).
Passing auth adds the same subject cert to the config over and over
again (I guess we could also try to prevent that by searching for
duplicates).
---

diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index b7047e8fc4..c968b2a9c2 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth)
 		id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY);
 		if (id)
 		{
-			private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth);
+			private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL);
 			if (private)
 			{
 				switch (private->get_type(private))