summaryrefslogtreecommitdiff
path: root/src/pluto/ipsec_doi.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-10-26 14:24:26 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-10-26 14:24:26 +0000
commit3168dc628f034e03bb4fab16e8a00da59a5c86e1 (patch)
tree663da4d1badc1373ec59d9bdc39f893af0cc8a75 /src/pluto/ipsec_doi.c
parent1a144d57c8f2f08513b747078d185db688637859 (diff)
downloadvyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.tar.gz
vyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.zip
- Import new upstream release 4.1.8.
Diffstat (limited to 'src/pluto/ipsec_doi.c')
-rw-r--r--src/pluto/ipsec_doi.c37
1 files changed, 26 insertions, 11 deletions
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 1c22b299b..852b2e73e 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -12,7 +12,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
- * RCSID $Id: ipsec_doi.c,v 1.39 2006/04/22 21:59:20 as Exp $
+ * RCSID $Id: ipsec_doi.c 3252 2007-10-06 21:24:50Z andreas $
*/
#include <stdio.h>
@@ -80,6 +80,15 @@
#endif /* !VENDORID */
/*
+ * are we sending an XAUTH VID?
+ */
+#ifdef XAUTH_VID
+#define SEND_XAUTH_VID 1
+#else /* !XAUTH_VID */
+#define SEND_XAUTH_VID 0
+#endif /* !XAUTH_VID */
+
+/*
* are we sending a Cisco Unity VID?
*/
#ifdef CISCO_QUIRKS
@@ -899,7 +908,7 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
vids_to_send++;
if (c->spd.this.cert.type == CERT_PGP)
vids_to_send++;
- /* always send XAUTH Vendor ID */
+ if (SEND_XAUTH_VID)
vids_to_send++;
/* always send DPD Vendor ID */
vids_to_send++;
@@ -993,11 +1002,14 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
}
/* Announce our ability to do eXtended AUTHentication to the peer */
- if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
- , &rbody, VID_MISC_XAUTH))
+ if (SEND_XAUTH_VID)
{
- reset_cur_state();
- return STF_INTERNAL_ERROR;
+ if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+ , &rbody, VID_MISC_XAUTH))
+ {
+ reset_cur_state();
+ return STF_INTERNAL_ERROR;
+ }
}
/* Announce our ability to do Dead Peer Detection to the peer */
@@ -2479,7 +2491,7 @@ switch_connection(struct msg_digest *md, struct id *peer, bool initiator)
DBG(DBG_CONTROL,
char buf[BUF_LEN];
- dntoa_or_null(buf, BUF_LEN, c->spd.this.ca, "%none");
+ dntoa_or_null(buf, BUF_LEN, c->spd.that.ca, "%none");
DBG_log("required CA: '%s'", buf);
)
@@ -3114,7 +3126,7 @@ main_inI1_outR1(struct msg_digest *md)
vids_to_send++;
if (md->openpgp)
vids_to_send++;
- /* always send XAUTH Vendor ID */
+ if (SEND_XAUTH_VID)
vids_to_send++;
/* always send DPD Vendor ID */
vids_to_send++;
@@ -3182,10 +3194,13 @@ main_inI1_outR1(struct msg_digest *md)
}
/* Announce our ability to do eXtended AUTHentication to the peer */
- if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
- , &md->rbody, VID_MISC_XAUTH))
+ if (SEND_XAUTH_VID)
{
- return STF_INTERNAL_ERROR;
+ if (!out_vendorid(vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE
+ , &md->rbody, VID_MISC_XAUTH))
+ {
+ return STF_INTERNAL_ERROR;
+ }
}
/* Announce our ability to do Dead Peer Detection to the peer */