summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/tasks/ike_auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/sa/tasks/ike_auth.c')
-rw-r--r--src/libcharon/sa/tasks/ike_auth.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index a07f96767..a954782f2 100644
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -518,6 +518,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_TYPE) == EAP_NAK &&
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_VENDOR) == 0))
{ /* peer requested EAP, but current config does not match */
+ DBG1(DBG_IKE, "peer requested EAP, config inacceptable");
this->peer_cfg->destroy(this->peer_cfg);
this->peer_cfg = NULL;
if (!update_cfg_candidates(this, FALSE))
@@ -527,7 +528,16 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
}
cand = get_auth_cfg(this, FALSE);
}
- cfg->merge(cfg, cand, TRUE);
+ /* copy over the EAP specific rules for authentication */
+ cfg->add(cfg, AUTH_RULE_EAP_TYPE,
+ cand->get(cand, AUTH_RULE_EAP_TYPE));
+ cfg->add(cfg, AUTH_RULE_EAP_VENDOR,
+ cand->get(cand, AUTH_RULE_EAP_VENDOR));
+ id = (identification_t*)cand->get(cand, AUTH_RULE_EAP_IDENTITY);
+ if (id)
+ {
+ cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
+ }
}
/* verify authentication data */
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:06:14 +0000