From: Martin Willi <martin@revosec.ch>
Date: Wed, 28 Jan 2015 16:28:57 +0000 (+0100)
Subject: ikev2: Do not attempt to send a trust chain for CGA parameters
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac3d2ea51547c1b06b3310c89ba9eb37002124fa;p=thirdparty%2Fstrongswan.git

ikev2: Do not attempt to send a trust chain for CGA parameters
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
index 5a9e08de28..d24679f0da 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
@@ -126,7 +126,14 @@ static bool add_subject_cert(private_ike_cert_post_t *this, auth_cfg_t *auth,
 	}
 	DBG1(DBG_IKE, "sending end entity cert \"%Y\"", cert->get_subject(cert));
 	message->add_payload(message, (payload_t*)payload);
-	return TRUE;
+	switch (cert->get_type(cert))
+	{
+		case CERT_CGA_PARAMS:
+			/* do not send a trust chain */
+			return FALSE;
+		default:
+			return TRUE;
+	}
 }
 
 /**