diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2444f03 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libreswan-3.8.tar.gz diff --git a/SOURCES/libreswan-3.8-create_child_stub.patch b/SOURCES/libreswan-3.8-create_child_stub.patch index 2f8ae53..f241dce 100644 --- a/SOURCES/libreswan-3.8-create_child_stub.patch +++ b/SOURCES/libreswan-3.8-create_child_stub.patch @@ -1,6 +1,6 @@ diff -Naur libreswan-3.8-orig/include/ietf_constants.h libreswan-3.8/include/ietf_constants.h ---- libreswan-3.8-orig/include/ietf_constants.h 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/include/ietf_constants.h 2014-03-18 14:19:55.404000000 -0600 +--- libreswan-3.8-orig/include/ietf_constants.h 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/include/ietf_constants.h 2014-04-10 15:55:22.303340560 -0400 @@ -607,7 +607,7 @@ /* IKEv2 things */ ISAKMP_v2_SA_INIT = 34, @@ -11,8 +11,8 @@ diff -Naur libreswan-3.8-orig/include/ietf_constants.h libreswan-3.8/include/iet ISAKMP_v2_IKE_SESSION_RESUME = 38, /* RFC 5723 */ diff -Naur libreswan-3.8-orig/include/pluto_constants.h libreswan-3.8/include/pluto_constants.h ---- libreswan-3.8-orig/include/pluto_constants.h 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/include/pluto_constants.h 2014-03-18 14:21:08.955000000 -0600 +--- libreswan-3.8-orig/include/pluto_constants.h 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/include/pluto_constants.h 2014-04-10 15:55:22.303340560 -0400 @@ -424,6 +424,11 @@ #define IS_PARENT_SA_ESTABLISHED(s) ((s) == STATE_PARENT_I2 || (s) == \ 
@@ -26,8 +26,8 @@ diff -Naur libreswan-3.8-orig/include/pluto_constants.h libreswan-3.8/include/pl * Issue here is that our child sa appears as a STATE_PARENT_I3/STATE_PARENT_R2 state which it should not * So we fall back to checking if it is cloned, and therefor really a child diff -Naur libreswan-3.8-orig/lib/libswan/constants.c libreswan-3.8/lib/libswan/constants.c ---- libreswan-3.8-orig/lib/libswan/constants.c 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/lib/libswan/constants.c 2014-03-18 14:22:07.062000000 -0600 +--- libreswan-3.8-orig/lib/libswan/constants.c 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/lib/libswan/constants.c 2014-04-10 15:55:22.303340560 -0400 @@ -269,7 +269,7 @@ static const char *const exchange_name_ikev2[] = { "ISAKMP_v2_SA_INIT", @@ -38,8 +38,8 @@ diff -Naur libreswan-3.8-orig/lib/libswan/constants.c libreswan-3.8/lib/libswan/ "ISAKMP_v2_IKE_SESSION_RESUME", }; diff -Naur libreswan-3.8-orig/programs/pluto/ikev2.c libreswan-3.8/programs/pluto/ikev2.c ---- libreswan-3.8-orig/programs/pluto/ikev2.c 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/programs/pluto/ikev2.c 2014-03-18 14:19:55.404000000 -0600 +--- libreswan-3.8-orig/programs/pluto/ikev2.c 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/programs/pluto/ikev2.c 2014-04-10 15:55:37.668690909 -0400 @@ -150,6 +150,31 @@ * TSi, TSr} * [Child SA established] 
@@ -109,9 +109,33 @@ diff -Naur libreswan-3.8-orig/programs/pluto/ikev2.c libreswan-3.8/programs/plut /* Informational Exchange*/ { .state = STATE_PARENT_R2, .next_state = STATE_PARENT_R2, +@@ -607,7 +662,11 @@ + continue; + + /* ??? not sure that this is necessary, but it ought to be correct */ +- if ( ((svm->flags&SMF2_INITIATOR) != 0) != ((md->hdr.isa_flags & ISAKMP_FLAGS_R) != 0) ) ++ /* This check cannot apply for an informational exchange since one ++ * can be initiated by the initial responder. ++ */ ++ if (ix != ISAKMP_v2_INFORMATIONAL && ++ (((svm->flags&SMF2_INITIATOR) != 0) != ((md->hdr.isa_flags & ISAKMP_FLAGS_R) != 0))) + continue; + + /* must be the right state */ +@@ -832,6 +891,10 @@ + + case RESPONDER: + pst->st_msgid_lastrecv = md->msgid_received; ++ /* the responder requires msgid_nextuse if it ever needs to ++ * initiate an informational exchange ++ */ ++ pst->st_msgid_nextuse = md->msgid_received + 1; + break; + } + } diff -Naur libreswan-3.8-orig/programs/pluto/ikev2.h libreswan-3.8/programs/pluto/ikev2.h ---- libreswan-3.8-orig/programs/pluto/ikev2.h 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/programs/pluto/ikev2.h 2014-03-18 14:19:55.404000000 -0600 +--- libreswan-3.8-orig/programs/pluto/ikev2.h 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/programs/pluto/ikev2.h 2014-04-10 15:55:22.304340582 -0400 @@ -35,6 +35,8 @@ extern stf_status ikev2_send_informational(struct state *st); 
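Review bot: In the `case RESPONDER:` branch of the second inner hunk (`@@ -832,6 +891,10 @@`), `pst->st_msgid_nextuse = md->msgid_received + 1;` overwrites the responder's own outgoing request counter with a value derived from the peer's request. In IKEv2 the two request sequences are independent (RFC 7296 §2.2: each endpoint keeps its own counter for the requests it initiates), so a responder that has already sent informational requests will have its counter pulled back or forward by the next incoming request, and a peer that checks request Message IDs strictly may drop the responder's next informational as a replay or out-of-window message. If this is a deliberate stop-gap for the stub, the comment should say so; otherwise keep a separate counter and only advance it when the responder itself sends. Suggested wording in place of the added comment: `/* XXX: ties our request counter to the peer's request Message ID; per RFC 7296 2.2 these are separate sequences */`. The first inner hunk's exemption of ISAKMP_v2_INFORMATIONAL from the initiator-flag check is explained inline; both enclosing functions start and end outside this hunk.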
@@ -122,9 +146,9 @@ diff -Naur libreswan-3.8-orig/programs/pluto/ikev2.h libreswan-3.8/programs/plut extern stf_status ikev2parent_inR1(struct msg_digest *md); extern stf_status ikev2parent_inR1outI2(struct msg_digest *md); diff -Naur libreswan-3.8-orig/programs/pluto/ikev2_parent.c libreswan-3.8/programs/pluto/ikev2_parent.c ---- libreswan-3.8-orig/programs/pluto/ikev2_parent.c 2014-01-16 00:46:24.000000000 -0700 -+++ libreswan-3.8/programs/pluto/ikev2_parent.c 2014-03-18 14:19:55.405000000 -0600 -@@ -2722,6 +2722,122 @@ +--- libreswan-3.8-orig/programs/pluto/ikev2_parent.c 2014-01-16 02:46:24.000000000 -0500 ++++ libreswan-3.8/programs/pluto/ikev2_parent.c 2014-04-10 15:55:37.668690909 -0400 +@@ -2722,8 +2722,125 @@ delete_state(pst); } 
@@ -246,4 +270,125 @@ diff -Naur libreswan-3.8-orig/programs/pluto/ikev2_parent.c libreswan-3.8/progra + stf_status process_informational_ikev2(struct msg_digest *md) { ++ enum phase1_role prole; /* verify that there is in fact an encrypted payload */ + if (md->chain[ISAKMP_NEXT_v2E] == NULL) { + libreswan_log( +@@ -2734,15 +2851,23 @@ + /* decrypt things. */ + { + stf_status ret; ++ struct state *ost = md->st; + +- if (md->hdr.isa_flags & ISAKMP_FLAGS_I) { ++ /* ++ * Since an informational exchange can be started by the original responder, ++ * things such as encryption, decryption should be done based on the original ++ * role and not the md->role ++ */ ++ if (IS_V2_INITIATOR(ost->st_state)) { ++ prole = INITIATOR; + DBG(DBG_CONTROLMORE, +- DBG_log("received informational exchange request from INITIATOR")); +- ret = ikev2_decrypt_msg(md, RESPONDER); ++ DBG_log("received informational exchange request from the original responder")); ++ ret = ikev2_decrypt_msg(md, INITIATOR); + } else { ++ prole = RESPONDER; + DBG(DBG_CONTROLMORE, +- DBG_log("received informational exchange request from RESPONDER")); +- ret = ikev2_decrypt_msg(md, INITIATOR); ++ DBG_log("received informational exchange request from the original initiator")); ++ ret = ikev2_decrypt_msg(md, RESPONDER); + } + + if (ret != STF_OK) +@@ -2791,10 +2916,6 @@ + r_hdr.isa_np = ISAKMP_NEXT_v2E; + r_hdr.isa_msgid = htonl(md->msgid_received); + +- /*set initiator bit if we are initiator*/ +- if (md->role == INITIATOR) +- r_hdr.isa_flags |= ISAKMP_FLAGS_I; +- + r_hdr.isa_flags |= ISAKMP_FLAGS_R; + + if (!out_struct(&r_hdr, &isakmp_hdr_desc, +@@ -3016,7 +3137,7 @@ + close_output_pbs(&md->rbody); + close_output_pbs(&reply_stream); + +- ret = ikev2_encrypt_msg(md, md->role, ++ ret = ikev2_encrypt_msg(md, prole, + authstart, + iv, encstart, authloc, + &e_pbs, &e_pbs_cipher); +@@ -3158,7 +3279,7 @@ + + stf_status ikev2_send_informational(struct state *st) + { +- struct state *pst = NULL; ++ struct state *pst = st; + 
+ if (IS_CHILD_SA(st)) { + pst = state_with_serialno(st->st_clonedfrom); +@@ -3169,8 +3290,6 @@ + DBG_log("INFORMATIONAL exchange can not be sent")); + return STF_IGNORE; + } +- } else { +- pst = st; + } + + { +@@ -3180,7 +3299,6 @@ + int ivsize; + struct msg_digest md; + struct ikev2_generic e; +- enum phase1_role role; + pb_stream e_pbs, e_pbs_cipher; + pb_stream rbody; + pb_stream request; +@@ -3204,18 +3322,14 @@ + COOKIE_SIZE); + r_hdr.isa_xchg = ISAKMP_v2_INFORMATIONAL; + r_hdr.isa_np = ISAKMP_NEXT_v2E; ++ r_hdr.isa_flags |= ISAKMP_FLAGS_I; ++ r_hdr.isa_msgid = htonl(pst->st_msgid_nextuse); + +- if (pst->st_state == STATE_PARENT_I2 || +- pst->st_state == STATE_PARENT_I3) { +- r_hdr.isa_flags |= ISAKMP_FLAGS_I; +- role = INITIATOR; +- r_hdr.isa_msgid = htonl(pst->st_msgid_nextuse); +- } else { +- role = RESPONDER; +- r_hdr.isa_msgid = htonl( +- pst->st_msgid_lastrecv + 1); +- } +- ++ /* encryption role based on original state not md state */ ++ if (IS_V2_INITIATOR(pst->st_state)) ++ md.role = INITIATOR; ++ else ++ md.role = RESPONDER; + if (!out_struct(&r_hdr, &isakmp_hdr_desc, + &request, &rbody)) { + libreswan_log( +@@ -3261,7 +3375,7 @@ + close_output_pbs(&rbody); + close_output_pbs(&request); + +- ret = ikev2_encrypt_msg(&md, role, ++ ret = ikev2_encrypt_msg(&md, md.role, + authstart, + iv, encstart, authloc, + &e_pbs, &e_pbs_cipher); +@@ -3276,7 +3390,6 @@ + "reply packet for informational exchange"); + pst->st_pend_liveness = TRUE; /* we should only do this when dpd/liveness is active? */ + send_ike_msg(pst, __FUNCTION__); +- ikev2_update_counters(&md); + } + + return STF_OK; diff --git a/SPECS/libreswan.spec b/SPECS/libreswan.spec index f0c2402..4344af5 100644 --- a/SPECS/libreswan.spec +++ b/SPECS/libreswan.spec 
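Review bot: With `ikev2_update_counters(&md)` dropped at the end of `ikev2_send_informational`, nothing left in this hunk advances `pst->st_msgid_nextuse` after `send_ike_msg(pst, __FUNCTION__)`, yet that value is what `r_hdr.isa_msgid` is stamped with; unless the counter is bumped somewhere outside the hunk, every informational request from the same side carries the same Message ID and the peer is expected to treat the repeats as retransmissions (RFC 7296 §2.1), so liveness checks would stall silently. A one-line fix after the send would be `pst->st_msgid_nextuse++;` (or the project's existing counter helper, if one applies to a caller-built digest). Separately, `struct msg_digest md;` in the same function is now only given `md.role` before `ikev2_encrypt_msg(&md, md.role, ...)`; if `ikev2_encrypt_msg` reads any other field and nothing outside the hunk zeroes `md`, that is an indeterminate read, and `struct msg_digest md = { 0 };` at the declaration closes it. In `process_informational_ikev2`, `ost->st_state` is read from `md->st` with no NULL check in view; whether the dispatcher guarantees `md->st` for informationals is outside this hunk. Both functions start and end outside the hunk.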
@@ -16,7 +16,7 @@ Name: libreswan Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols Version: 3.8 -Release: %{?prever:0.}4%{?prever:.%{prever}}%{?dist} +Release: %{?prever:0.}5%{?prever:.%{prever}}%{?dist} License: GPLv2 Url: https://www.libreswan.org/ Source: https://download.libreswan.org/%{name}-%{version}%{?prever}.tar.gz @@ -212,6 +212,10 @@ if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then fi %changelog +* Thu Apr 10 2014 Paul Wouters - 3.8-5 +- Resolves: rhbz#1052834 create_child_sa message ID handling + + * Tue Mar 18 2014 Paul Wouters - 3.8-4 - Resolves: rhbz#1052834 create_child_sa response