Enable Cisco Unity only if Unity vendor id received

3 files changed, 5 insertions, 2 deletions

diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c
index e48debede..b2aeba605 100644
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@@ -341,7 +341,8 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *,
 	ike_sa_t *ike_sa;
 
 	ike_sa = charon->bus->get_sa(charon->bus);
-	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1)
+	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 ||
+		!ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
 	{
 		return enumerator_create_empty();
 	}
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 3ee7f93ab..6a86fed26 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -116,7 +116,8 @@ METHOD(listener_t, narrow, bool,
 	private_unity_narrow_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
 	narrow_hook_t type, linked_list_t *local, linked_list_t *remote)
 {
-	if (ike_sa->get_version(ike_sa) == IKEV1)
+	if (ike_sa->get_version(ike_sa) == IKEV1 &&
+		ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY))
 	{
 		switch (type)
 		{
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index 753cd9839..5ebde17d3 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -108,6 +108,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
 
 	ike_sa = charon->bus->get_sa(charon->bus);
 	if (!ike_sa || ike_sa->get_version(ike_sa) != IKEV1 ||
+		!ike_sa->supports_extension(ike_sa, EXT_CISCO_UNITY) ||
 		!vips->get_count(vips))
 	{
 		return NULL;