If no inbound CHILD_SA is found, try to find an outbound SA.

Due to the new lifetime limits in- and outbound SAs may expire
individually.

src/charon/sa/tasks/child_delete.c

@@ -269,8 +269,15 @@ static status_t build_i(private_child_delete_t *this, message_t *message)
 	child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
 										  this->spi, TRUE);
 	if (!child_sa)
-	{	/* child does not exist anymore */
-		return SUCCESS;
+	{	/* check if it is an outbound sa */
+		child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
+											  this->spi, FALSE);
+		if (!child_sa)
+		{	/* child does not exist anymore */
+			return SUCCESS;
+		}
+		/* we work only with the inbound SPI */
+		this->spi = child_sa->get_spi(child_sa, TRUE);
 	}
 	this->child_sas->insert_last(this->child_sas, child_sa);
 	if (child_sa->get_state(child_sa) == CHILD_REKEYING)

src/charon/sa/tasks/child_rekey.c

@@ -144,8 +144,15 @@ static status_t build_i(private_child_rekey_t *this, message_t *message)
 	this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
 												this->spi, TRUE);
 	if (!this->child_sa)
-	{	/* CHILD_SA is gone, unable to rekey */
-		return SUCCESS;
+	{	/* check if it is an outbound CHILD_SA */
+		this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
+													this->spi, FALSE);
+		if (!this->child_sa)
+		{	/* CHILD_SA is gone, unable to rekey */
+			return SUCCESS;
+		}
+		/* we work only with the inbound SPI */
+		this->spi = this->child_sa->get_spi(this->child_sa, TRUE);
 	}
 	config = this->child_sa->get_config(this->child_sa);