Revert "Send INITIAL_CONTACT even if we have a unique policy"

It makes sense to omit INITIAL_CONTACT if don't have a unique policy, as a client might want to connect from different devices to the same account. This reverts commit 719c33b41a.
2011-01-13 10:50:46 +01:00 · 2011-01-13 10:50:46 +01:00 · 983a5e88d3
parent 9bac426bf3
commit 983a5e88d3
2 changed files with 4 additions and 2 deletions
--- a/3
+++ b/3
@ -42,7 +42,8 @@ strongswan-4.5.1
  xcbc algorithms.

 - The IKEv2 daemon supports the INITIAL_CONTACT notify as initiator and
-  responder.
+  responder. The notify is sent when initiating configurations with a unique
+  policy, set in ipsec.conf via the global 'uniqueids' option.

 - The conftest conformance testing framework enables the IKEv2 stack to perform
  many tests using a distinct tool and configuration frontend. Various hooks
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@ -429,7 +429,8 @@ static status_t build_i(private_ike_auth_t *this, message_t *message)
 		get_reserved_id_bytes(this, id_payload);
 		message->add_payload(message, (payload_t*)id_payload);

-		if (idr && message->get_message_id(message))
+		if (idr && message->get_message_id(message) == 1 &&
+			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO)
 		{
 			host_t *host;