From f7613cb58104658822a2d1162b3af3dcd0f26b36 Mon Sep 17 00:00:00 2001
From: Stefan Berghofer <stefan.berghofer@secunet.com>
Date: Thu, 18 Feb 2021 09:43:10 +0100
Subject: [PATCH] ike-sa: Properly set timing info for delete after rekeying

The job is queued properly, yet the timing information is wrong.

Signed-off-by: Stefan Berghofer <stefan.berghofer@secunet.com>

Fixes: ee61471113c2 ("implemented RFC4478 (repeated authentication)...")
---
 src/libcharon/sa/ike_sa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 0f6f433cf..bf9966b15 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2984,7 +2984,7 @@ METHOD(ike_sa_t, inherit_post, void,
 		this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH];
 		reauth = max(0, this->stats[STAT_REAUTH] - now);
 		delete = reauth + this->peer_cfg->get_over_time(this->peer_cfg);
-		this->stats[STAT_DELETE] = this->stats[STAT_REAUTH] + delete;
+		this->stats[STAT_DELETE] = now + delete;
 		DBG1(DBG_IKE, "rescheduling reauthentication in %ds after rekeying, "
 			 "lifetime reduced to %ds", reauth, delete);
 		lib->scheduler->schedule_job(lib->scheduler,