>From the code it looks like, identity set using AUTH_RULE_EAP_IDENTITY is
used only in the EAP Identity rounds .
This identity is not being used for id check in API find_private_key in
tls_peer.c
Thanks,
Ravikanth
On Tue, Oct 11, 2016 at 12:09 PM, Ravi Kanth Vanapalli <
vvnrk.vanapa...@gmail.com
Dear Andreas,
Looks my issue is not solved yet.
I have modified the identity with the statement below
(1) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id2);
But still EAP-TLS is looking for Idenity set with
1) auth->add(auth, AUTH_RULE_IDENTITY, id1);
Can you please help me with this issue.
Dear Andreas,
Thank you for your valuable inputs. My issue is solved now.
Thanks,
Ravikanth
On Tue, Oct 11, 2016 at 8:47 AM, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:
> aaa_identity is used by an EAP client to verify the identity
> in the TLS server certificate if it is differen
aaa_identity is used by an EAP client to verify the identity
in the TLS server certificate if it is different from the IKEv2
server certificate.
Regards
Andreas
On 11.10.2016 13:36, Ravi Kanth Vanapalli wrote:
> Adding option (3) here.
>
> 3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id)
>
> Whi
Hi Ravi,
yes, your understanding is correct.
Regards
Andraes
On 11.10.2016 13:28, Ravi Kanth Vanapalli wrote:
> Sure Andreas. Thank you for this valuable input. I will give a try.
>
> Could you please confirm the difference between 1 and 2 below
>
> 1) auth->add(auth, AUTH_RULE_IDENTITY, id);
Adding option (3) here.
3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id)
Which of the following identities (1),2 or 3 is used to fetch the private
key in EAP_TLS authentcation.
On Tue, Oct 11, 2016 at 7:28 AM, Ravi Kanth Vanapalli <
vvnrk.vanapa...@gmail.com> wrote:
> Sure Andreas. Thank you for
Sure Andreas. Thank you for this valuable input. I will give a try.
Could you please confirm the difference between 1 and 2 below
1) auth->add(auth, AUTH_RULE_IDENTITY, id);
2) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id);
My understanding is that (1) is used to fill the IDi in the first IKE_
Hi Ravi,
why don't you use the eap_identity parameter?
Regards
Andreas
On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote:
> Hi all,
>
> I have a situation wherein I need to alter the IDi slightly before the
> EAP-TLS authentication proceeds. I.e IDi in the first IKE_AUTH message
> should be diff