From 904f93f65562fef83c945348e02fa24600a510ec Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 17 Dec 2015 18:18:09 +0100 Subject: [PATCH] ikev1: Avoid modifying local auth config when detecting pubkey method If it was necessary to pass the local certificates we could probably clone the config (but we don't do that either when later looking for the key to actually authenticate). Passing auth adds the same subject cert to the config over and over again (I guess we could also try to prevent that by searching for duplicates). --- src/libcharon/sa/ikev1/phase1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index b7047e8fc4..c968b2a9c2 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -404,7 +404,7 @@ static auth_method_t get_pubkey_method(private_phase1_t *this, auth_cfg_t *auth) id = (identification_t*)auth->get(auth, AUTH_RULE_IDENTITY); if (id) { - private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, auth); + private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, id, NULL); if (private) { switch (private->get_type(private)) -- 2.47.3