If id is not specified and certificate authentication is used, use the certificate subject name as identity. Simplifies configuration as in most cases this is the right thing to do.
Signed-off-by: Timo Teräs <[email protected]> --- src/libcharon/plugins/vici/vici_config.c | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 6491610..eb6ef86 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -13,6 +13,28 @@ * for more details. */ +/* + * Copyright (C) 2014 Timo Teräs <[email protected]> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + #define _GNU_SOURCE #include "vici_config.h" @@ -1460,6 +1482,18 @@ CALLBACK(peer_sn, bool, return FALSE; } + if (!auth.cfg->get(auth.cfg, AUTH_RULE_IDENTITY)) + { + certificate_t *cert = auth.cfg->get(auth.cfg, AUTH_RULE_SUBJECT_CERT); + if (cert) + { + identification_t *id = cert->get_subject(cert); + DBG1(DBG_CFG, " id not specified, defaulting to cert id '%Y'", id); + id = id->clone(id); + auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id); + } + } + if (strcasepfx(name, "local")) { peer->local->insert_last(peer->local, auth.cfg); -- 2.3.6 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
