From 094963d1b16024c56adc624cc97729ce424e2814 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 10 Apr 2014 10:24:34 +0200 Subject: [PATCH] ikev2: Apply extensions and conditions before starting rekeying The extensions and conditions apply to the rekeyed IKE_SA as well, so we should migrate them. Especially when using algorithms from private space, we need EXT_STRONGSWAN to properly select these algorithms during IKE rekeying. --- src/libcharon/sa/ike_sa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 4b4c1ceb90..7b38e0268c 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -2028,6 +2028,12 @@ METHOD(ike_sa_t, inherit_pre, void, set_peer_cfg(this, other->peer_cfg); set_my_host(this, other->my_host->clone(other->my_host)); set_other_host(this, other->other_host->clone(other->other_host)); + + /* apply extensions and conditions with a few exceptions */ + this->extensions = other->extensions; + this->conditions = other->conditions; + this->conditions &= ~COND_STALE; + this->conditions &= ~COND_REAUTHENTICATING; } METHOD(ike_sa_t, inherit_post, void, -- 2.47.2