[strongSwan-dev] [PATCH] vici: default identity to certificate subject if appropriate

Timo Teräs Fri, 22 Aug 2014 06:19:21 -0700

If id is not specified and certificate authentication is used,
use the certificate subject name as identity. Simplifies
configuration as in most cases this is the right thing to do.


Signed-off-by: Timo Teräs <[email protected]>
---
 src/libcharon/plugins/vici/vici_config.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/libcharon/plugins/vici/vici_config.c 
b/src/libcharon/plugins/vici/vici_config.c
index a69039d..9f3d393 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1460,6 +1460,18 @@ CALLBACK(peer_sn, bool,
                        return FALSE;
                }
 
+               if (!auth.cfg->get(auth.cfg, AUTH_RULE_IDENTITY))
+               {
+                       certificate_t *cert = auth.cfg->get(auth.cfg, 
AUTH_RULE_SUBJECT_CERT);
+                       if (cert)
+                       {
+                               identification_t *id = cert->get_subject(cert);
+                               DBG1(DBG_CFG, "  id not specified, defaulting 
to cert id '%Y'", id);
+                               id = id->clone(id);
+                               auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id);
+                       }
+               }
+
                if (strcasepfx(name, "local"))
                {
                        peer->local->insert_last(peer->local, auth.cfg);
-- 
2.1.0

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev

[strongSwan-dev] [PATCH] vici: default identity to certificate subject if appropriate

Reply via email to