fixed reauthentication when using %any hosts

3 files changed, 11 insertions, 8 deletions

diff --git a/src/charon/queues/jobs/initiate_job.c b/src/charon/queues/jobs/initiate_job.c
index 8b943a3f1..3d7fd5c5c 100644
--- a/src/charon/queues/jobs/initiate_job.c
+++ b/src/charon/queues/jobs/initiate_job.c
@@ -78,6 +78,7 @@ static status_t execute(private_initiate_job_t *this)
 	
 	if (this->other)
 	{
+		DBG1(DBG_JOB, "using other host %H", this->other);
 		ike_sa->set_other_host(ike_sa, this->other->clone(this->other));
 	}
 	
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index f8c24742f..1f8cf5cd7 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -900,15 +900,14 @@ static status_t initiate(private_ike_sa_t *this,
 				this->my_host = connection->get_my_host(connection);
 				this->my_host = this->my_host->clone(this->my_host);
 			}
+			DBG1(DBG_IKE, "this->other: %H", this->other_host);
+			DBG1(DBG_IKE, "connections other: %H", connection->get_other_host(connection));
 			if (this->other_host->is_anyaddr(this->other_host))
 			{
 				this->other_host->destroy(this->other_host);
 				this->other_host = connection->get_other_host(connection);
 				this->other_host = this->other_host->clone(this->other_host);
 			}
-			this->retrans_sequences = connection->get_retrans_seq(connection);
-			this->dpd_delay = connection->get_dpd_delay(connection);
-			
 			if (this->other_host->is_anyaddr(this->other_host))
 			{
 				SIG(IKE_UP_START, "establishing new IKE_SA for CHILD_SA");
@@ -918,6 +917,9 @@ static status_t initiate(private_ike_sa_t *this,
 				return DESTROY_ME;
 			}
 			
+			this->retrans_sequences = connection->get_retrans_seq(connection);
+			this->dpd_delay = connection->get_dpd_delay(connection);
+			
 			this->message_id_out = 1;
 			ike_sa_init = ike_sa_init_create(&this->public);
 			ike_sa_init->set_config(ike_sa_init, connection, policy);
diff --git a/src/charon/sa/transactions/ike_sa_init.c b/src/charon/sa/transactions/ike_sa_init.c
index c85a27f32..b5728a986 100644
--- a/src/charon/sa/transactions/ike_sa_init.c
+++ b/src/charon/sa/transactions/ike_sa_init.c
@@ -276,8 +276,8 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
 		return SUCCESS;
 	}
 	
-	me = this->connection->get_my_host(this->connection);
-	other = this->connection->get_other_host(this->connection);
+	me = this->ike_sa->get_my_host(this->ike_sa);
+	other = this->ike_sa->get_other_host(this->ike_sa);
 	
 	/* we already set up the IDs. Mine is already fully qualified, other
 	 * will be updated in the ike_auth transaction */
@@ -372,7 +372,7 @@ static status_t get_request(private_ike_sa_init_t *this, message_t **result)
 		/* N(NAT_DETECTION_SOURCE_IP)+
 		 * we include only one notify if our address is defined, but all
 		 * possible if not */
-		host = this->connection->get_my_host(this->connection);
+		host = this->ike_sa->get_my_host(this->ike_sa);
 		if (host->is_anyaddr(host))
 		{
 			/* TODO: we could get the src address from netlink */
@@ -867,8 +867,8 @@ static status_t conclude(private_ike_sa_init_t *this, message_t *response,
 	/* allow setting of next transaction in other functions */
 	this->next = next;
 	
-	me = this->connection->get_my_host(this->connection);
-	other = this->connection->get_other_host(this->connection);
+	me = this->ike_sa->get_my_host(this->ike_sa);
+	other = this->ike_sa->get_other_host(this->ike_sa);
 	
 	/* check if SPI has been updated, but apply only if all goes ok later */
 	responder_spi = response->get_responder_spi(response);