-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c33
1 files changed, 30 insertions, 3 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
index ea5da4ebc..a40bdf176 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c
@@ -335,6 +335,34 @@ static bool use_certs(private_isakmp_cert_pre_t *this, message_t *message)
return use;
}
+/**
+ * Check if we should send a certificate request
+ */
+static bool send_certreq(private_isakmp_cert_pre_t *this)
+{
+ enumerator_t *enumerator;
+ peer_cfg_t *peer_cfg;
+ auth_cfg_t *auth;
+ bool req = FALSE;
+ auth_class_t class;
+
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (peer_cfg)
+ {
+ enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, FALSE);
+ if (enumerator->enumerate(enumerator, &auth))
+ {
+ class = (intptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS);
+ if (class == AUTH_CLASS_PUBKEY)
+ {
+ req = TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ return req;
+}
+
METHOD(task_t, build_i, status_t,
private_isakmp_cert_pre_t *this, message_t *message)
{
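Review bot: send_certreq() decides from the first remote auth config only, and any class other than AUTH_CLASS_PUBKEY suppresses the certificate request, including an unset rule where `auth->get()` presumably returns NULL and the cast yields 0. If a remote config without an explicit class (AUTH_CLASS_ANY) can still end up authenticating with a certificate in IKEv1, the initiator would then never ask for one, so that case should be confirmed. The doc comment should state the rule, for example `* Only the first remote auth config is checked; a request is sent only for AUTH_CLASS_PUBKEY.` The function also returns FALSE silently when `get_peer_cfg()` yields NULL, which deserves a short comment.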
@@ -349,11 +377,10 @@ METHOD(task_t, build_i, status_t,
case AGGRESSIVE:
if (this->state == CR_SA)
{
- if (!use_certs(this, message))
+ if (send_certreq(this))
{
- return SUCCESS;
+ build_certreqs(this, message);
}
- build_certreqs(this, message);
}
return NEED_MORE;
default:
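Review bot: Dropping the early `return SUCCESS` changes the task's lifetime in the AGGRESSIVE/CR_SA branch: it now returns NEED_MORE even when no certificate request is built, so the task stays active for the responder's reply under PSK or XAuth configs too. The processing side is outside this hunk, so it should be confirmed that certificate payloads arriving from a peer that was never sent a request are handled as intended there. A comment on the branch would record the intent, for example `/* stay active even without a certreq, the peer may still send certificates */`, if that is the reason. build_i's body starts and ends outside the hunk.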