charon-xpc: Set AUTH_RULE_IDENTITY_LOOSE on responder config

This allows the server to use a different IKE identity as long as the configured hostname is contained in the certificate.
2013-11-01 12:05:48 +01:00 · 2013-11-01 12:05:48 +01:00 · 10900ed7e7
parent b76e96e2ef
commit 10900ed7e7
1 changed files with 4 additions and 0 deletions
--- a/src/frontends/osx/charon-xpc/xpc_dispatch.c
+++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c
@ -110,6 +110,10 @@ static void add_auth_cfg(peer_cfg_t *peer_cfg, bool local,
 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
 	auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id));
+	if (!local)
+	{
+		auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
+	}
 	peer_cfg->add_auth_cfg(peer_cfg, auth, local);
 }