tls-server: Use subject DN as peer identity if it was ID_ANY
To request client authentication if we don't know the client's identity, it's possible to use ID_ANY. However, if we don't change the identity, get_peer_id() would still report ID_ANY after the authentication.
parent
d5606ec350
commit
4b7cfb252e
|
@ -729,6 +729,12 @@ static status_t process_certificate(private_tls_server_t *this,
|
||||||
DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
|
DBG1(DBG_TLS, "received TLS peer certificate '%Y'",
|
||||||
cert->get_subject(cert));
|
cert->get_subject(cert));
|
||||||
first = FALSE;
|
first = FALSE;
|
||||||
|
if (this->peer && this->peer->get_type(this->peer) == ID_ANY)
|
||||||
|
{
|
||||||
|
this->peer->destroy(this->peer);
|
||||||
|
this->peer = cert->get_subject(cert);
|
||||||
|
this->peer = this->peer->clone(this->peer);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
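Review bot: The added block replaces `this->peer` with the certificate's subject DN as soon as the first certificate has been parsed, and nothing visible in this hunk shows that the chain or the client's proof of key possession has been checked by then. If that verification happens later and fails, `this->peer` would keep a DN taken from an unverified certificate, and because the original ID_ANY has been destroyed, get_peer_id() callers could not tell the two cases apart. Consider moving the assignment to the point where client authentication has succeeded, or resetting the identity on the failure path. At minimum, a comment such as `/* subject is not verified yet; must not be trusted until client authentication succeeds */` above the `if` would help. process_certificate() starts and ends outside the hunk, so the failure handling may already exist and should be confirmed there.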