ike-auth: Don't send INITIAL_CONTACT if remote ID contains wildcards
Such an identity won't equal an actual peer's identity resulting in sending an INITIAL_CONTACT notify even if there might be an existing IKE_SA.
This commit is contained in:
parent
22f13dcecd
commit
2f95c55271
|
@ -466,7 +466,8 @@ METHOD(task_t, build_i, status_t,
|
|||
get_reserved_id_bytes(this, id_payload);
|
||||
message->add_payload(message, (payload_t*)id_payload);
|
||||
|
||||
if (idr && message->get_message_id(message) == 1 &&
|
||||
if (idr && !idr->contains_wildcards(idr) &&
|
||||
message->get_message_id(message) == 1 &&
|
||||
this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
|
||||
this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue