From a347c1ac437803c23aa8858089d99f4f604fcebc Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Mon, 9 Jan 2012 17:10:48 +0100
Subject: [PATCH] Fix sending of CERTREQ/CERT payloads in aggressive mode

---
 src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c | 9 +++++++--
 src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c  | 5 +++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
index 5fbd04aea..b88b9e31a 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
@@ -286,9 +286,14 @@ METHOD(task_t, process_i, status_t,
 		}
 		case AGGRESSIVE:
 		{
-			if (!use_certs(this, message))
+			if (this->state == CR_SA)
 			{
-				return SUCCESS;
+				if (!use_certs(this, message))
+				{
+					return SUCCESS;
+				}
+				this->state = CR_AUTH;
+				return NEED_MORE;
 			}
 			return SUCCESS;
 		}
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
index 25c4af6e8..8d0405730 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -426,6 +426,10 @@ METHOD(task_t, build_r, status_t,
 			switch (this->state)
 			{
 				case CR_SA:
+					if (this->send_req)
+					{
+						build_certreqs(this, message);
+					}
 					this->state = CR_AUTH;
 					return NEED_MORE;
 				case CR_AUTH:
@@ -474,6 +478,7 @@ METHOD(task_t, process_i, status_t,
 			}
 			process_certreqs(this, message);
 			process_certs(this, message);
+			this->state = CR_AUTH;
 			return SUCCESS;
 		}
 		default: