From: Martin Willi <martin@revosec.ch>
Date: Wed, 29 Feb 2012 09:10:45 +0000 (+0100)
Subject: Invoke ike_updown hook on authentication failure not before response sent
X-Git-Tag: 4.6.3~112
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4cd176d525fbf20159e22d7cd4baeeb0c2e7ad1b;p=thirdparty%2Fstrongswan.git

Invoke ike_updown hook on authentication failure not before response sent
---

diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index 7cdcf7052d..77d36f975f 100644
--- a/src/libcharon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
@@ -641,11 +641,9 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 												   enumerator);
 				}
 				break;
+			case DESTROY_ME:
 			case FAILED:
 			default:
-				charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
-				/* FALL */
-			case DESTROY_ME:
 				/* destroy IKE_SA, but SEND response first */
 				delete = TRUE;
 				break;
@@ -680,6 +678,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 						 this->responding.packet->clone(this->responding.packet));
 	if (delete)
 	{
+		charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
 		return DESTROY_ME;
 	}
 	return SUCCESS;