Fix sending of CERTREQ/CERT payloads in aggressive mode

2 files changed, 12 insertions, 2 deletions

diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
index 5fbd04aea..b88b9e31a 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_post.c
@@ -286,9 +286,14 @@ METHOD(task_t, process_i, status_t,
 		}
 		case AGGRESSIVE:
 		{
-			if (!use_certs(this, message))
+			if (this->state == CR_SA)
 			{
-				return SUCCESS;
+				if (!use_certs(this, message))
+				{
+					return SUCCESS;
+				}
+				this->state = CR_AUTH;
+				return NEED_MORE;
 			}
 			return SUCCESS;
 		}
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
index 25c4af6e8..8d0405730 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -426,6 +426,10 @@ METHOD(task_t, build_r, status_t,
 			switch (this->state)
 			{
 				case CR_SA:
+					if (this->send_req)
+					{
+						build_certreqs(this, message);
+					}
 					this->state = CR_AUTH;
 					return NEED_MORE;
 				case CR_AUTH:
@@ -474,6 +478,7 @@ METHOD(task_t, process_i, status_t,
 			}
 			process_certreqs(this, message);
 			process_certs(this, message);
+			this->state = CR_AUTH;
 			return SUCCESS;
 		}
 		default: