tls-server: Use subject DN as peer identity if it was ID_ANY

To request client authentication if we don't know the client's identity,
it's possible to use ID_ANY.  However, if we don't change the identity,
get_peer_id() would still report ID_ANY after the authentication.
Tobias Brunner 2021-02-18 12:31:17 +01:00
parent d5606ec350
commit 4b7cfb252e
1 changed files with 6 additions and 0 deletions


@ -729,6 +729,12 @@ static status_t process_certificate(private_tls_server_t *this,
DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
cert->get_subject(cert));
first = FALSE;
if (this->peer && this->peer->get_type(this->peer) == ID_ANY)
{
this->peer->destroy(this->peer);
this->peer = cert->get_subject(cert);
this->peer = this->peer->clone(this->peer);
}
}
else
{
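Review bot: The new `if` block replaces `this->peer` with the certificate's subject DN as soon as the certificate is received, and nothing in this hunk shows that the trust chain or the client's proof of key possession has been checked at that point. If that verification happens later in the handshake, get_peer_id() returns a client-chosen, unauthenticated name in the meantime, and callers should not base authorization or logging decisions on it before the handshake has completed. I would document this above `this->peer->destroy(this->peer);` with a comment such as `/* identity taken from the not yet verified certificate, only trustworthy once the handshake has completed */`. As a point of style, `this->peer` briefly holds a pointer owned by `cert` between the two assignments; a local, `identification_t *subject = cert->get_subject(cert);` followed by `this->peer = subject->clone(subject);`, makes the ownership easier to follow. process_certificate() starts and ends outside the hunk, so the ordering relative to verification should be confirmed against the full function.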