diff options
| -rw-r--r-- | sbin/iked/ca.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c index b536ec69383..0f1949a8e7d 100644 --- a/sbin/iked/ca.c +++ b/sbin/iked/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.69 2020/08/21 14:30:17 tobhe Exp $ */ +/* $OpenBSD: ca.c,v 1.70 2020/09/08 20:20:30 tobhe Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -575,12 +575,16 @@ ca_getreq(struct iked *env, struct imsg *imsg) * was found and this was the last CERTREQ, try to find one with * subjectAltName matching the ID */ - if (more) + if (cert == NULL && more) return (0); if (cert == NULL) cert = ca_by_subjectaltname(store->ca_certs, &id); + /* Set type if coming from fallback */ + if (cert != NULL) + type = IKEV2_CERT_X509_CERT; + /* If there is no matching certificate use local raw pubkey */ if (cert == NULL) { if (ikev2_print_static_id(&id, idstr, sizeof(idstr)) == -1) |