From e91d0cfdbb00d5aec6db5596419b8589c7833553 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 18 Jan 2013 11:52:47 +0100
Subject: [PATCH] pubkey-authenticator: Don't use the certificate ID to build auth octets when cert_id_binding = no
---
 src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index df88e4ae41..40b3b36f6e 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -558,7 +558,7 @@ METHOD(authenticator_t, build, status_t,
 DBG1(DBG_IKE, "no private key found for '%Y'", id);
 return NOT_FOUND;
 }
-
+ id = this->ike_sa->get_my_id(this->ike_sa);
 if (this->ike_sa->supports_extension(this->ike_sa, EXT_SIGNATURE_AUTH))
 {
 status = sign_signature_auth(this, auth, private, id, message);
@@ -659,11 +659,12 @@ METHOD(authenticator_t, process, status_t,
 signature_params_destroy(params);
 return INVALID_ARG;
 }
- id = get_cert_id(this->ike_sa, FALSE);
+ id = this->ike_sa->get_other_id(this->ike_sa);
 if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, ¶ms))
 {
 return FAILED;
 }
+ id = get_cert_id(this->ike_sa, FALSE);
 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
 online = !this->ike_sa->has_condition(this->ike_sa, COND_ONLINE_VALIDATION_SUSPENDED);
-- 
2.47.2
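Review bot: After the added `id = this->ike_sa->get_my_id(this->ike_sa);` the local `id` means something different from what it meant a few lines earlier, where it is still the identity printed by `no private key found for '%Y'`; the second hunk in `process` reuses `id` the same way, with two reassignments. Which identity goes into the signed AUTH octets is the security-relevant decision of this patch, and nothing in the code records it, so a later reordering could change it unnoticed. I would keep the blank line the patch drops and put a comment above the assignment, for example `/* AUTH octets are built over our IKE identity, not the ID used for the key lookup */`. The earlier assignment of `id` lies above the hunk, so its source is inferred from the log message only.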
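Review bot: Both new assignments in `process` run unconditionally, although the commit title limits the change to `cert_id_binding = no`; the hunk does not show what `get_cert_id()` returns when binding is enabled, so please confirm it yields the same identity as `get_other_id()` there and that verification of existing configurations is unchanged. The moved `id = get_cert_id(this->ike_sa, FALSE);` now has to stay between `get_auth_octets_scheme()` and whatever consumes `id` below the hunk, which looks like the public key lookup but is not visible here. A comment on that line such as `/* from here on id is the identity used to select the peer's key */` would pin the ordering.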