From: Martin Willi <martin@revosec.ch>
Date: Wed, 23 May 2012 10:27:47 +0000 (+0200)
Subject: Apply IDir before deriving keys as aggressive initiator
X-Git-Tag: 5.0.0~233
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3c475660c50fa11d6b95b86072cf35165057c911;p=thirdparty%2Fstrongswan.git

Apply IDir before deriving keys as aggressive initiator
---

diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index e1c51a8656..664fce9189 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -569,10 +569,6 @@ METHOD(task_t, process_i, status_t,
 		{
 			return send_notify(this, NO_PROPOSAL_CHOSEN);
 		}
-		if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
-		{
-			return send_notify(this, INVALID_KEY_INFORMATION);
-		}
 
 		id_payload = (id_payload_t*)message->get_payload(message, ID_V1);
 		if (!id_payload)
@@ -590,6 +586,10 @@ METHOD(task_t, process_i, status_t,
 		}
 		this->ike_sa->set_other_id(this->ike_sa, id);
 
+		if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
+		{
+			return send_notify(this, INVALID_KEY_INFORMATION);
+		}
 		if (!this->ph1->verify_auth(this->ph1, this->method, message,
 									id_payload->get_encoded(id_payload)))
 		{