From: Martin Willi Date: Thu, 13 Jan 2011 09:50:46 +0000 (+0100) Subject: Revert "Send INITIAL_CONTACT even if we have a unique policy" X-Git-Tag: 4.5.1~110 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=983a5e88d330e28ec6b9726a365e372d3461141f;p=thirdparty%2Fstrongswan.git Revert "Send INITIAL_CONTACT even if we have a unique policy" It makes sense to omit INITIAL_CONTACT if we don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a1f9fe9b2585df3e7aa804a760c361c. --- diff --git a/NEWS b/NEWS index e8c050a576..fbae771cbc 100644 --- a/NEWS +++ b/NEWS @@ -42,7 +42,8 @@ strongswan-4.5.1 xcbc algorithms. - The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and - responder. + responder. The notify is sent when initiating configurations with a unique + policy, set in ipsec.conf via the global 'uniqueids' option. - The conftest conformance testing framework enables the IKEv2 stack to perform many tests using a distinct tool and configuration frontend. Various hooks diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index e48916eb22..178989a0ac 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -429,7 +429,8 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); - if (idr && message->get_message_id(message)) + if (idr && message->get_message_id(message) == 1 && + this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO) { host_t *host;
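Review bot: the added NEWS sentence does not say which 'uniqueids' settings count as "a unique policy". The ike_auth.c hunk in the same patch tests `!= UNIQUE_NO`, so the entry would be more precise if it said the notify is sent for every setting except the one that disables uniqueness. It is also worth stating the consequence: with uniqueness disabled, an initiator no longer asks the responder to drop its older IKE_SAs for the same identity, which is the behaviour the commit message wants for clients connecting from several devices.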
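Review bot: in the build_i() hunk of src/libcharon/sa/tasks/ike_auth.c, the new `message->get_message_id(message) == 1` is a bare literal with no comment, and the commit message only explains the unique-policy half of the condition. The removed line accepted any non-zero message ID, so this also restricts the notify to the first IKE_AUTH request (IKE_SA_INIT uses message ID 0), which matters for IKE_AUTH exchanges that span several messages. A one-line comment above the `if` naming that intent, and a mention of it in the commit message, would make both conditions reviewable: the message-ID restriction and the `get_unique_policy(this->peer_cfg) != UNIQUE_NO` check.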