From: Martin Willi <martin@revosec.ch>
Date: Mon, 9 Jan 2012 16:10:48 +0000 (+0100)
Subject: Fix sending of CERTREQ/CERT payloads in aggressive mode
X-Git-Tag: 5.0.0~338^2~9^2~83
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a347c1ac437803c23aa8858089d99f4f604fcebc;p=thirdparty%2Fstrongswan.git

Fix sending of CERTREQ/CERT payloads in aggressive mode
---

diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
index 5fbd04aea1..b88b9e31a8 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
@@ -286,9 +286,14 @@ METHOD(task_t, process_i, status_t,
 		}
 		case AGGRESSIVE:
 		{
-			if (!use_certs(this, message))
+			if (this->state == CR_SA)
 			{
-				return SUCCESS;
+				if (!use_certs(this, message))
+				{
+					return SUCCESS;
+				}
+				this->state = CR_AUTH;
+				return NEED_MORE;
 			}
 			return SUCCESS;
 		}
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
index 25c4af6e81..8d04057306 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -426,6 +426,10 @@ METHOD(task_t, build_r, status_t,
 			switch (this->state)
 			{
 				case CR_SA:
+					if (this->send_req)
+					{
+						build_certreqs(this, message);
+					}
 					this->state = CR_AUTH;
 					return NEED_MORE;
 				case CR_AUTH:
@@ -474,6 +478,7 @@ METHOD(task_t, process_i, status_t,
 			}
 			process_certreqs(this, message);
 			process_certs(this, message);
+			this->state = CR_AUTH;
 			return SUCCESS;
 		}
 		default: