1 files changed, 33 insertions, 0 deletions

diff --git a/main/strongswan/0006-trap-manager-Properly-check-in-IKE_SA-if-initiating-.patch b/main/strongswan/0006-trap-manager-Properly-check-in-IKE_SA-if-initiating-.patch
new file mode 100644
index 0000000000..f7517568c0
--- /dev/null
+++ b/main/strongswan/0006-trap-manager-Properly-check-in-IKE_SA-if-initiating-.patch
@@ -0,0 +1,33 @@
+From 773fcb1605d413997450b59d114a1c035910cc58 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 9 Jul 2015 14:34:19 +0200
+Subject: [PATCH] trap-manager: Properly check-in IKE_SA if initiating fails
+
+This basically reverts f4e822c1b422 ("trap-manager: don't check-in
+nonexisting IKE_SA if acquire fails").  As checkout_by_config() could
+return an already existing and established IKE_SA we have to properly
+destroy it, for instance, in case other threads are waiting to check
+it out.  checkin_and_destroy() should handle the case of a new SA
+properly (it produces a log message on level 1, though).
+---
+ src/libcharon/sa/trap_manager.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
+index d6ff3c8..3a70bd1 100644
+--- a/src/libcharon/sa/trap_manager.c
++++ b/src/libcharon/sa/trap_manager.c
+@@ -377,8 +377,8 @@ METHOD(trap_manager_t, acquire, void,
+ 		}
+ 		else
+ 		{
+-			ike_sa->destroy(ike_sa);
+-			charon->bus->set_sa(charon->bus, NULL);
++			charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
++														ike_sa);
+ 		}
+ 	}
+ 	peer->destroy(peer);
+-- 
+2.4.6
+