Flush auth configs, create new keymat during SA reset

author Martin Willi <martin@revosec.ch>

Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)

committer Martin Willi <martin@revosec.ch>

Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c

index ed49170adc68c1f3216b73f183cde063ba5afa9b..8b44fd92ba55a3d96cf6da2d4df1f40f6f480bf5 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -399,18 +399,15 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
  {
         auth_cfg_t *cfg;
  
-       if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
+       while (this->my_auths->remove_last(this->my_auths,
+                                                                          (void**)&cfg) == SUCCESS)
         {
-               while (this->my_auths->remove_last(this->my_auths,
-                                                                                  (void**)&cfg) == SUCCESS)
-               {
-                       cfg->destroy(cfg);
-               }
-               while (this->other_auths->remove_last(this->other_auths,
-                                                                                         (void**)&cfg) == SUCCESS)
-               {
-                       cfg->destroy(cfg);
-               }
+               cfg->destroy(cfg);
+       }
+       while (this->other_auths->remove_last(this->other_auths,
+                                                                                 (void**)&cfg) == SUCCESS)
+       {
+               cfg->destroy(cfg);
         }
  }
  
@@ -713,6 +710,11 @@ METHOD(ike_sa_t, reset, void,
  
         set_state(this, IKE_CREATED);
  
+       flush_auth_cfgs(this);
+
+       this->keymat->destroy(this->keymat);
+       this->keymat = keymat_create(this->ike_sa_id->is_initiator(this->ike_sa_id));
+
         this->task_manager->reset(this->task_manager, 0, 0);
  }
  
@@ -1263,7 +1265,9 @@ METHOD(ike_sa_t, process_message, status_t,
                 }
                 status = this->task_manager->process_message(this->task_manager, message);
                 if (message->get_exchange_type(message) == IKE_AUTH &&
-                       this->state == IKE_ESTABLISHED)
+                       this->state == IKE_ESTABLISHED &&
+                       lib->settings->get_bool(lib->settings,
+                                                                       "charon.flush_auth_cfg", FALSE))
                 {       /* authentication completed */
                         flush_auth_cfgs(this);
                 }
author	Martin Willi <martin@revosec.ch>
	Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)
committer	Martin Willi <martin@revosec.ch>
	Mon, 7 Jun 2010 12:59:39 +0000 (14:59 +0200)