ikev2: Don't recreate IKE_SA if deletion fails after make-before-break reauth

Fixes: 7457143072 ("During reauthentication reestablish IKE_SA even if deleting the old one fails.") Fixes #2847.
2018-12-05 12:24:55 +01:00 · 2018-12-05 12:24:55 +01:00 · 10f8834bf9
parent 01f462f0d3
commit 10f8834bf9
1 changed files with 3 additions and 1 deletions
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@ -2404,7 +2404,9 @@ METHOD(ike_sa_t, retransmit, status_t,
 			}
 			case IKE_DELETING:
 				DBG1(DBG_IKE, "proper IKE_SA delete failed, peer not responding");
-				if (has_condition(this, COND_REAUTHENTICATING))
+				if (has_condition(this, COND_REAUTHENTICATING) &&
+					!lib->settings->get_bool(lib->settings,
+										"%s.make_before_break", FALSE, lib->ns))
 				{
 					DBG1(DBG_IKE, "delete during reauthentication failed, "
 						 "trying to reestablish IKE_SA anyway");