OK, but would the fallback from ASN.1 to plain string then make sense?
Something like (just pseudo):

identification_t *identification_create_from_data(chunk_t data)
{
    /* +1 for the terminating NUL added by snprintf() */
    char buf[data.len + 1];

    identification_t *id = NULL;

    /* is_asn1() and is_empty() are pseudo helpers */
    if (is_asn1(data))
    {
        id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
        if (id->is_empty(id))
        {
            /* not a usable DN, fall through to the string constructor */
            id->destroy(id);
            id = NULL;
        }
    }

    if (id == NULL)
    {
        /* use string constructor */
        snprintf(buf, sizeof(buf), "%.*s", (int)data.len, data.ptr);
        id = identification_create_from_string(buf);
    }
    return id;
}

BR,
Totti



On Mon, Nov 2, 2020 at 3:15 PM Tobias Brunner <[email protected]> wrote:

> Hi Totti,
>
> > There is also ID Type in the identification payload.
>
> Unfortunately, EAP-Identities are not transmitted in such payloads.
> They are basically arbitrary binary blobs that strongSwan tries to parse
> based on some heuristics to actually match them against other identities
> (e.g. in certificates or the configuration, which all have a type
> associated that must match).
>
> Regards,
> Tobias
>
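
The type-guessing heuristic discussed in this thread, as an added example that is not part of the original e-mails and is not strongSwan's code: a blob is treated as a DER DN candidate only when it is a single SEQUENCE whose length field covers the whole buffer, otherwise as a string. The names `blob_kind_t`, `der_sequence_spans` and `classify_identity` and all sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { BLOB_EMPTY, BLOB_DER_SEQUENCE, BLOB_STRING } blob_kind_t;

/* Constructed samples: DER DN "CN=a", a plain identity, and a printable
 * string that happens to look like a SEQUENCE ('0' = 0x30, '!' = 33). */
static const uint8_t SAMPLE_DN[] = { 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06,
                                     0x03, 0x55, 0x04, 0x03, 0x0c, 0x01, 0x61 };
static const uint8_t SAMPLE_STR[] = "user@example.org";
static const uint8_t SAMPLE_AMBIG[] = "0!abcdefghijklmnopqrstuvwxyz0123456";

/* 1 if buf is exactly one SEQUENCE whose DER length covers the rest. */
static int der_sequence_spans(const uint8_t *buf, size_t len)
{
    size_t pos = 2, content, n;

    if (len < 2 || buf[0] != 0x30)
        return 0;
    content = buf[1];                       /* short form: length < 0x80 */
    if (buf[1] & 0x80)
    {
        n = buf[1] & 0x7f;                  /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || len - 2 < n || buf[2] == 0)
            return 0;   /* indefinite, oversized, truncated, non-minimal */
        for (content = 0; n > 0; n--)
            content = (content << 8) | buf[pos++];
        if (content < 0x80)
            return 0;                       /* DER demands the short form */
    }
    return content == len - pos;
}

/* Outer-structure heuristic only: a match still needs a full DN parse, and
 * a failed parse should fall back to the string interpretation. */
static blob_kind_t classify_identity(const uint8_t *buf, size_t len)
{
    if (len == 0)
        return BLOB_EMPTY;
    return der_sequence_spans(buf, len) ? BLOB_DER_SEQUENCE : BLOB_STRING;
}

int main(void)
{
    printf("dn=%d str=%d ambiguous=%d\n",
           (int)classify_identity(SAMPLE_DN, sizeof(SAMPLE_DN)),
           (int)classify_identity(SAMPLE_STR, sizeof(SAMPLE_STR) - 1),
           (int)classify_identity(SAMPLE_AMBIG, sizeof(SAMPLE_AMBIG) - 1));
    return 0;
}
```

The third sample is ordinary printable text that still passes the outer check, which is the case a string fallback after a failed or empty DN parse has to catch.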
