From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 1 Feb 2016 17:15:57 +0000 (+0100)
Subject: ikev2: Always store signature scheme in auth-cfg
X-Git-Tag: 5.4.0dr8~10^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e37e6d6dcaee842b6d8a5be2d271f560f86fabcc;p=thirdparty%2Fstrongswan.git

ikev2: Always store signature scheme in auth-cfg

As we use a different rule we can always store the scheme.
---

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 64cd775ad9..110c509734 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -55,11 +55,6 @@ struct private_pubkey_authenticator_t {
 	 * Reserved bytes of ID payload
 	 */
 	char reserved[3];
-
-	/**
-	 * Whether to store signature schemes on remote auth configs.
-	 */
-	bool store_signature_scheme;
 };
 
 /**
@@ -425,11 +420,7 @@ METHOD(authenticator_t, process, status_t,
 			status = SUCCESS;
 			auth->merge(auth, current_auth, FALSE);
 			auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
-			if (this->store_signature_scheme)
-			{
-				auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
-						 (uintptr_t)scheme);
-			}
+			auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
 			break;
 		}
 		else
@@ -502,8 +493,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
 		.ike_sa = ike_sa,
 		.ike_sa_init = received_init,
 		.nonce = sent_nonce,
-		.store_signature_scheme = lib->settings->get_bool(lib->settings,
-					"%s.signature_authentication_constraints", TRUE, lib->ns),
 	);
 	memcpy(this->reserved, reserved, sizeof(this->reserved));