diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-10-01 10:59:24 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2015-10-01 10:59:24 +0000 |
| commit | f2f83bfbbc895cbc3b645c6dab69c15b3d7d9e50 (patch) | |
| tree | ae8e49394d4b6c4691b87e8b329309491eece4be /sbin/iked/ikev2_pld.c | |
| parent | e54a3e4460c60116992bd7b7b4d42cf47db5af64 (diff) | |
Fix interoperability with Apple iOS9: If we don't get a (valid)
CERTREQ but a CERT, respond with a local CERT that was selected based
on our own policy instead of leaving it out. This seems to be valid
with the RFC that makes the CERTREQ optional and allows to ignore it
or to apply an own policy.
OK mikeb@ sthen@
Diffstat (limited to 'sbin/iked/ikev2_pld.c')
| -rw-r--r-- | sbin/iked/ikev2_pld.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index 0b4c470c0e0..8fb56fb539a 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.52 2015/08/21 11:59:27 reyk Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.53 2015/10/01 10:59:23 reyk Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -931,7 +931,7 @@ ikev2_pld_certreq(struct iked *env, struct ikev2_payload *pld, else sa->sa_statevalid |= IKED_REQ_CERT; - ca_setreq(env, &sa->sa_hdr, &sa->sa_policy->pol_localid, + ca_setreq(env, sa, &sa->sa_policy->pol_localid, cert.cert_type, buf, len, PROC_CERT); return (0); |