Currently some parts of the iked(8) payload parser act on the SA structure
before the message was fully parsed and checked, which is obviously bad for
The parser should store its results in a temporary location
(e.g. in the iked_message struct) and apply changes only when the message
has passed all checks.
This diff moves the CERTREQ payload handling from the parser to the IKE_AUTH
exchange handler function where it belongs.
One more update: I moved the ikev2_handle_certreq() calls somewhere else where
they fit better.
I'd be happy to get some feedback from different iked setups;
in my tests all seems to work as intended. In the best case you
won't notice any difference at all (only the CERTREQ handling will
happen a bit later in the recv function).
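The parse-then-commit pattern described in the message above, as an added sketch that is not iked's code and not part of the original mail: the parser writes CERTREQ data only into a per-message scratch struct, and the receive path copies it to the SA after the whole payload chain has passed its checks. All `toy_*` names, `MAX_CAS` and the structure layouts are hypothetical, and only structural checks on the generic payload header and CERTREQ body (RFC 7296) are modelled.

```c
#include <stdint.h>
#include <string.h>
#define PL_NONE    0
#define PL_CERTREQ 38  /* IKEv2 CERTREQ payload type (RFC 7296) */
#define HASH_LEN   20  /* one SHA-1 hash of a CA public key */
#define MAX_CAS    8   /* toy limit, an assumption of this example */
/* Hypothetical stand-ins for the SA and the per-message scratch area. */
struct toy_certreq { uint8_t encoding; size_t ncas; uint8_t cas[MAX_CAS][HASH_LEN]; };
struct toy_msg { int has_certreq; struct toy_certreq cr; };
struct toy_sa  { struct toy_certreq cr; };

/* Phase 1: walk the payload chain, recording results in msg only. */
static int toy_parse(const uint8_t *buf, size_t len, uint8_t type, struct toy_msg *msg)
{
    size_t off = 0, plen, body;
    memset(msg, 0, sizeof(*msg));
    while (type != PL_NONE) {
        if (len - off < 4) return -1;   /* truncated generic header */
        plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off) return -1;  /* bad length field */
        if (type == PL_CERTREQ) {
            body = plen - 4;            /* encoding byte + CA hashes */
            if (body < 1 || (body - 1) % HASH_LEN || (body - 1) / HASH_LEN > MAX_CAS)
                return -1;
            msg->has_certreq = 1;
            msg->cr.encoding = buf[off + 4];
            msg->cr.ncas = (body - 1) / HASH_LEN;
            memcpy(msg->cr.cas, buf + off + 5, body - 1);
        }
        type = buf[off];                /* next-payload field */
        off += plen;
    }
    return off == len ? 0 : -1;         /* reject trailing bytes */
}

/* Phase 2: commit to the SA only after the whole message parsed cleanly. */
int toy_recv(struct toy_sa *sa, const uint8_t *buf, size_t len, uint8_t first)
{
    struct toy_msg msg;
    if (toy_parse(buf, len, first, &msg) != 0) return -1;  /* SA untouched */
    if (msg.has_certreq) sa->cr = msg.cr;
    return 0;
}

int main(void)
{
    struct toy_sa sa = { { 0 } };
    const uint8_t m[5] = { 0, 0, 0, 5, 4 };  /* constructed: CERTREQ, no CA hashes */
    return toy_recv(&sa, m, sizeof(m), PL_CERTREQ);
}
```

A message whose first payload is a valid CERTREQ but whose second payload is malformed is rejected as a whole, so the SA never sees the CERTREQ data from it.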