[strongSwan-dev] [PATCH] vici: default identity to certificate subject if appropriate

Timo Teräs timo.teras at iki.fi
Fri Aug 22 15:18:25 CEST 2014


If id is not specified and certificate authentication is used,
use the certificate subject name as identity. Simplifies
configuration as in most cases this is the right thing to do.

Signed-off-by: Timo Teräs <timo.teras at iki.fi>
---
 src/libcharon/plugins/vici/vici_config.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index a69039d..9f3d393 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1460,6 +1460,18 @@ CALLBACK(peer_sn, bool,
 			return FALSE;
 		}
 
+		if (!auth.cfg->get(auth.cfg, AUTH_RULE_IDENTITY))
+		{
+			certificate_t *cert = auth.cfg->get(auth.cfg, AUTH_RULE_SUBJECT_CERT);
+			if (cert)
+			{
+				identification_t *id = cert->get_subject(cert);
+				DBG1(DBG_CFG, "  id not specified, defaulting to cert id '%Y'", id);
+				id = id->clone(id);
+				auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id);
+			}
+		}
+
 		if (strcasepfx(name, "local"))
 		{
 			peer->local->insert_last(peer->local, auth.cfg);
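Review bot: the new defaulting block sits ahead of the `strcasepfx(name, "local")` test, so it runs for every auth section that reaches this point in `peer_sn`, not only for local ones. The commit message talks about defaulting the identity when certificate authentication is used but does not say which side is meant. If only the local identity should be derived from the certificate, move the block inside the `local` branch. If sections handled after that branch are meant to get it as well, state that in the commit message, because for those sections the added AUTH_RULE_IDENTITY entry is a new rule that the configuration did not ask for. Two smaller points: the identity is taken from `cert->get_subject(cert)` only, so a configuration that relied on an unset id now gets the subject name without any way to opt out short of setting `id` explicitly, and the diffstat shows only vici_config.c changing, so the new default should also be described wherever the `id` option is documented.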
-- 
2.1.0


