ikev2: Always store signature scheme in auth-cfg

As we use a different rule we can always store the scheme.

1 files changed, 1 insertions, 12 deletions

diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 64cd775ad..110c50973 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -55,11 +55,6 @@ struct private_pubkey_authenticator_t {
 	 * Reserved bytes of ID payload
 	 */
 	char reserved[3];
-
-	/**
-	 * Whether to store signature schemes on remote auth configs.
-	 */
-	bool store_signature_scheme;
 };
 
 /**
@@ -425,11 +420,7 @@ METHOD(authenticator_t, process, status_t,
 			status = SUCCESS;
 			auth->merge(auth, current_auth, FALSE);
 			auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
-			if (this->store_signature_scheme)
-			{
-				auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
-						 (uintptr_t)scheme);
-			}
+			auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme);
 			break;
 		}
 		else
@@ -502,8 +493,6 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
 		.ike_sa = ike_sa,
 		.ike_sa_init = received_init,
 		.nonce = sent_nonce,
-		.store_signature_scheme = lib->settings->get_bool(lib->settings,
-					"%s.signature_authentication_constraints", TRUE, lib->ns),
 	);
 	memcpy(this->reserved, reserved, sizeof(this->reserved));