ikev1: Fix PSK lookup for Main Mode initiators
We need the PSK/identity already when deriving the keys in process_i().
Fixes: 1665a4e050
("ikev1: Use actual local identity as initiator or aggressive mode responder")
This commit is contained in:
parent
62367f2c01
commit
736ac65554
|
@ -250,6 +250,7 @@ METHOD(task_t, build_i, status_t,
|
|||
{
|
||||
sa_payload_t *sa_payload;
|
||||
linked_list_t *proposals;
|
||||
identification_t *id;
|
||||
packet_t *packet;
|
||||
|
||||
DBG0(DBG_IKE, "initiating Main Mode IKE_SA %s[%d] to %H",
|
||||
|
@ -261,6 +262,8 @@ METHOD(task_t, build_i, status_t,
|
|||
this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
|
||||
this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
|
||||
this->peer_cfg->get_ref(this->peer_cfg);
|
||||
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
|
||||
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
|
||||
|
||||
this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
|
||||
if (this->method == AUTH_NONE)
|
||||
|
@ -331,8 +334,7 @@ METHOD(task_t, build_i, status_t,
|
|||
id_payload_t *id_payload;
|
||||
identification_t *id;
|
||||
|
||||
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
|
||||
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
|
||||
id = this->ike_sa->get_my_id(this->ike_sa);
|
||||
id_payload = id_payload_create_from_identification(PLV1_ID, id);
|
||||
message->add_payload(message, &id_payload->payload_interface);
|
||||
|
||||
|
|
Loading…
Reference in New Issue