ike-cert-post: Make absolutely sure certificates are only added to IKE_AUTH
The AUTH payload check should be fine, but add some extra checks just to make really sure and also for clarification.
This commit is contained in:
parent
ecd50064e8
commit
e773dbaeba
|
@ -254,8 +254,10 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
|
|||
METHOD(task_t, build_i, status_t,
|
||||
private_ike_cert_post_t *this, message_t *message)
|
||||
{
|
||||
build_certs(this, message);
|
||||
|
||||
if (message->get_exchange_type(message) == IKE_AUTH)
|
||||
{
|
||||
build_certs(this, message);
|
||||
}
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
||||
|
@ -268,8 +270,10 @@ METHOD(task_t, process_r, status_t,
|
|||
METHOD(task_t, build_r, status_t,
|
||||
private_ike_cert_post_t *this, message_t *message)
|
||||
{
|
||||
build_certs(this, message);
|
||||
|
||||
if (message->get_exchange_type(message) == IKE_AUTH)
|
||||
{
|
||||
build_certs(this, message);
|
||||
}
|
||||
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
|
||||
{ /* stay alive, we might have additional rounds with certs */
|
||||
return NEED_MORE;
|
||||
|
|
Loading…
Reference in New Issue