ike-cert-post: Make absolutely sure certificates are only added to IKE_AUTH

The AUTH payload check should be fine, but add some extra checks just to make
really sure and also for clarification.
Tobias Brunner 2018-06-25 12:23:50 +02:00 committed by Andreas Steffen
parent ecd50064e8
commit e773dbaeba
1 changed files with 8 additions and 4 deletions


@ -254,8 +254,10 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
METHOD(task_t, build_i, status_t,
private_ike_cert_post_t *this, message_t *message)
{
build_certs(this, message);
if (message->get_exchange_type(message) == IKE_AUTH)
{
build_certs(this, message);
}
return NEED_MORE;
}
@ -268,8 +270,10 @@ METHOD(task_t, process_r, status_t,
METHOD(task_t, build_r, status_t,
private_ike_cert_post_t *this, message_t *message)
{
build_certs(this, message);
if (message->get_exchange_type(message) == IKE_AUTH)
{
build_certs(this, message);
}
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
{ /* stay alive, we might have additional rounds with certs */
return NEED_MORE;
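Review bot: The exchange-type guard is written out twice, in build_i and in build_r, while build_certs() itself remains callable without it; placing the check at the top of build_certs() (`if (message->get_exchange_type(message) != IKE_AUTH) { return; }`) would enforce the invariant in one place and cover any caller added later. build_certs()'s body is outside the hunks, so how this would interact with the existing AUTH payload check mentioned in the commit message is inferred and should be confirmed. If the guard stays at the call sites, a short comment such as `/* CERT payloads must only go into IKE_AUTH, never into other exchanges */` would record why the check exists. build_r continues past the last line shown.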