[strongSwan-dev] [PATCH] vici: default identity to certificate subject if appropriate
Timo Teräs
timo.teras at iki.fi
Fri Aug 22 15:18:25 CEST 2014
If id is not specified and certificate authentication is used,
use the certificate subject name as identity. Simplifies
configuration as in most cases this is the right thing to do.
Signed-off-by: Timo Teräs <timo.teras at iki.fi>
---
src/libcharon/plugins/vici/vici_config.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index a69039d..9f3d393 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1460,6 +1460,18 @@ CALLBACK(peer_sn, bool,
return FALSE;
}
+ if (!auth.cfg->get(auth.cfg, AUTH_RULE_IDENTITY))
+ {
+ certificate_t *cert = auth.cfg->get(auth.cfg, AUTH_RULE_SUBJECT_CERT);
+ if (cert)
+ {
+ identification_t *id = cert->get_subject(cert);
+ DBG1(DBG_CFG, " id not specified, defaulting to cert id '%Y'", id);
+ id = id->clone(id);
+ auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id);
+ }
+ }
+
if (strcasepfx(name, "local"))
{
peer->local->insert_last(peer->local, auth.cfg);
--
2.1.0
More information about the Dev
mailing list