ike-auth: Don't send INITIAL_CONTACT if remote ID contains wildcards

Such an identity won't equal an actual peer's identity resulting in sending an INITIAL_CONTACT notify even if there might be an existing IKE_SA.
author: Tobias Brunner <tobias@strongswan.org> 2016-11-14 15:39:17 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2017-02-06 11:16:53 +0100
commit: 2f95c55271fdfbe5ecf1648cc33e885bdd09db9e (patch)
tree: 5152e5a618ac6b43b09d7836b53cc83dff1aace5 /src
parent: 22f13dcecdd7c788cf5cbf9533d2fb7a1f8317f5 (diff)
download: strongswan-2f95c55271fdfbe5ecf1648cc33e885bdd09db9e.tar.bz2
strongswan-2f95c55271fdfbe5ecf1648cc33e885bdd09db9e.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 036910d0e..1e47144dc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -466,7 +466,8 @@ METHOD(task_t, build_i, status_t,
 		get_reserved_id_bytes(this, id_payload);
 		message->add_payload(message, (payload_t*)id_payload);
 
-		if (idr && message->get_message_id(message) == 1 &&
+		if (idr && !idr->contains_wildcards(idr) &&
+			message->get_message_id(message) == 1 &&
 			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NO &&
 			this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
 		{
author	Tobias Brunner <tobias@strongswan.org>	2016-11-14 15:39:17 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2017-02-06 11:16:53 +0100
commit	2f95c55271fdfbe5ecf1648cc33e885bdd09db9e (patch)
tree	5152e5a618ac6b43b09d7836b53cc83dff1aace5 /src
parent	22f13dcecdd7c788cf5cbf9533d2fb7a1f8317f5 (diff)
download	strongswan-2f95c55271fdfbe5ecf1648cc33e885bdd09db9e.tar.bz2 strongswan-2f95c55271fdfbe5ecf1648cc33e885bdd09db9e.tar.xz